IN THE PROFESSION
better or for worse, for or against an individual or entire populations. companies and individuals may never recover.
WHAT IS CYBERSECURITY?
Simply put, cybersecurity constitutes a set of practices that minimizes
opportunities for unauthorized manipulation of information within
your possession. It is not magic. Software exists to make it difficult
for an outsider to gain access to your system. It should be used,
but the real threat is not digital as much as it is exploitive human
engineering. So what are we, as lawyers, to do about IT? The fact of the matter is,
that while the more paranoia-inducing possibilities of what results
from mass data collection, or the fallout from a cyber security breach
are limitless, there also exist many beneficial possibilities for the
use of private data, and the technology that protects that data. The
question becomes, how do we control that for only the betterment
of society?
A hacker can direct many weapons at your system, such as repetitively
entering potential passwords until one works. Machines can throw
hundreds of words at your system in a few seconds. (That is why
your password should not be a term found in a dictionary). But why
go through the effort when a bad actor can successfully ask for the
keys to your digital kingdom? The ruse can take many forms. Your
bank writes asking you to verify some information. A co-worker
receives a call asking that certain information be provided at your
request. (Or even out of the blue. What easier way to get an answer
to one of your security questions than to call someone, apologize
that your spouse’s name has been forgotten, and asking for it on the
ruse that an invitation to a party is in the works?) The fact of the matter is that Bob Dylan was absolutely correct that
“If your time to you is worth savin’, then you better start swimming,
or you'll sink like a stone.” Will you, as a citizen of the world or a
member of the Atlanta Bar Association, be ready to understand how
our world has, and will continue to change, knowing those changes
are going to occur more drastically, and with more frequency? Join
us, for the betterment of our own legal community, and by extension,
for the betterment of our society.
Bad actors rely on the fact that you have much more interesting
or lucrative things to do (answering interrogatories; writing a
brief), than being diligent in protecting information. Appoint
a single person to coordinate security issues. Annual employee
comprehensive cybersecurity training is an inexpensive first step
that is starting to be required by insurance policies. Have a security
audit performed - another stipulation you will increasingly see in
insurance policies. Penetration testing may not be necessary. The
expense of testing has to be weighed against the likelihood of an
attack.
Clients – and potential clients – are becoming increasingly
sophisticated at asking for disclosure of security arrangements
before hiring counsel (please make sure that the client is real and
not a phishing attempt). They know that 2.6 terabytes of client
information, much of it sensitive, had been released after an intrusion
into the Mossack Fonessa law firm in Panama.
Small firms inadvertently increased their security by moving to cloud
based systems and storage. While the decreased cost of operating in
the cloud motivated changes, cloud systems provide more security
because they employ cadres of professionals dedicated to keeping
systems safe. No firm can afford such expertise.
BRINGING IT ALL BACK HOME
When it comes down to it, what we really have is information, and
the technology that can either help us get to where we need to be as
practitioners, and as advisors to our clients with those same needs,
or that can be used against us and our clients, leading to millions
in losses, decimated reputations, and untold damage from which
www.atlantabar.org THE ATLANTA LAWYER
17