While the frequency of most types of malpractice claims has been relatively static, professional liability stemming from cyber crimes against lawyers and law firms has risen steadily over the past few years. Law firms are particularly rich targets for hackers and cyber fraudsters because they hold so much private, significant, information about so many people and because they often facilitate transfers of large sums of money. It’s a veritable one-stop-shop for the cybercriminal, and it’s the lawyer who ends up holding the bag if lax security or negligence of some other sort leads to harm to the client.
Lawyers aren’t expected to be technological wizards, but they do have an ethical obligation of competency in all aspects of their practice, which includes their use of technology. What does this mean in practical terms? It means that, at a minimum, you must keep informed about the technological threats presented to your systems, and available protections against them, and then make reasonable efforts to employ those protections.
Certainly, hackers and cyber fraudsters are sophisticated and continually changing their methods of attack, and no law firm, especially smaller firms, could be expected to be equally as savvy. But that doesn’t mean you don’t have to try to protect against infiltration of your computer systems and theft or misuse of your client’s information and assets. It would be folly to assume that just because you are a small firm you are less of a target. Every law firm has information that is valuable in the criminal economy. Statistics show that the majority of cybercrimes are crimes of opportunity: hackers look for the most vulnerable, easiest-to-access systems and strike those first.
Those attacks can result in several bad outcomes for you and your clients, ranging from general breaches of confidential information, to the theft of escrow funds, to compromised credit, to identity theft, to an inability to access your own systems causing you to miss deadlines, to name just a few. And any of these scenarios can ultimately lead to claims against you for professional liability.
First and foremost, it is important to understand that, while there are available all sorts of technological tools to address cyber threats, ultimately, the key to cyber security is human behavior. Caution and alertness to the possibility of scams, discipline around what and how you download input onto your devices, adherence to various security protocols, and a willingness to regularly revisit and reconsider your system setup are what will make the difference. We have addressed some of these issues in this space in the past and will do so again in more posts during October, National Cyber Security Awareness Month.
But it is also important to plan for the fact that no plan is perfect. To that end, you should review your current professional liability coverage to determine whether and how much it provides coverage against potential losses arising from cybercrime and other computer system failures.
Coming next: the most common system risks for lawyers and how to respond to them.