The Legal Tech Institute at the Harris County Law Library has just released a new video CLE. Practical Cybersecurity for Lawyers is the latest addition to our Learning On-Demand CLE library, where you can earn CLE credit in Texas while staying up to date on legal tech. Visit the Law Library's Legal Tech Institute page for more on our legal tech learning opportunities.
Friday's massive cyber attack exposed the fragility of our IT infrastructure and reminded us to aggressively fortify our digital vaults. The WannaCry ransomware that has taken down computers across the globe is causing perhaps the most prolific cyber attack to date, and it is expected to get worse.
Protecting your personal data is important, but securing the privileged information entrusted by clients is absolutely essential. From solo and small firm practitioners to large legal and business institutions, the need for data protection is a real concern. According to BakerHostetler's second annual Data Security Incident Response Report, phishing/hacking/malware accounted for 43% of all 2016 cybersecurity events at the more than 450 institutions they examined. Ransomware was the biggest development of last year accounting for 23% of all network intrusion incidents at the companies represented in the study, and the attacks show no sign of abating. Last week's WannaCry incursion is just one example of this growing threat.
Fortunately, the BakerHostetler report provides a broad range of lessons for identifying threats and mitigating risks. It advises firms to establish best practices for "compromise readiness."
- Focus on the basics.
- Develop education and awareness programs.
- Implement data inventory and risk assessment procedures.
- Share threat warnings with those in your firm.
Suggested further reading:
- Law Firm Cybersecurity (2017) -- ABA Book Publishing / Solo, Small Firm and General Practice Division
- Will Ransomware Attack Make Law Firms ‘WannaCry’? (May 15, 2017) -- The American Lawyer
- Law Firms Must Manage Cybersecurity Risks (May 2, 2017) -- ABA Journal
- Preparing for Ransomware Attacks: Your Company is a Target (April 3, 2017) -- Nine steps to getting prepared
- The Ransomware Epidemic in Law Firms (February 10, 2017) -- Legal Technology Today podcast
- Protecting Yourself from Ransomware and Cyber-attacks (Sep/Oct 2016) -- ABA GPSOLO
January is Data Privacy and Information Security Law Month at the Harris County Law Library. All month long, we are promoting the data privacy resources in our collection to raise awareness of the need for data security in the practice of law. We are also featuring relevant electronic sources, including the Cybersecurity Law Institute at Georgetown University, and the Cybersecurity Law Report, both of which are freely available on the Internet.
The Law Library's subscription databases provide access to even more good resources, including legislative histories of key cybersecurity laws. HeinOnline has just added several new cybersecurity law resources to its U.S. Federal Legislative History Library. The new collection, Legislative Histories of Cybersecurity Laws Enacted by the 113th and 114th Congresses (William H. Manz, ed.) (2016) is a compilation of eight laws enacted in 2014 and 2015 including:
- Cybersecurity Workforce Assessment Act
- Cybersecurity Enhancement Act of 2014
- National Cybersecurity Protection Act of 2014
- Federal Information Security Modernization Act of 2014
Four additional Acts grouped into the Cybersecurity Act of 2015 are also part of the compilation. The legislative histories include the text and chronology of the Acts, bill versions, related bills, committee reports, congressional debates and hearings, GAO reports, and presidential materials.