Law firm data is a favorite target for hackers. They have already done significant damage to major firms which you would think would be impenetrable. Are YOU ready? 

The National Law Review dubbed 2016 the “Year of the Breach” for law firms.  It was, the paper said, “the year that law firm data breaches landed and stayed squarely in both the national and international headlines.” The incidents ranged from lost or stolen hardware to “deep intrusions exposing everything in the law firm’s network.”

Is the legal industry applying the same protections as other industries? Given the volume of confidential business deal and intellectual property information and the troves of potentially damaging client material – civil and criminal –the legal industry is a particularly sweet target for hackers.

One recent survey revealed that 80% of lawyers don’t know their obligations when they receive a misdirected message.

And, according to the ABA Legal Technology Survey, 26% of law firms polled said they were breached in 2016.  One firm lost terabytes of data that was embarrassing and damaging to companies, celebrities and world leaders. Another firm was slammed with a class action when it failed to protect sensitive client data.

Of course, it’s not like other industries have data security all buttoned up. Despite the proliferation of cybersecurity firms, the billions spent to guard networks, and the many thousands of regulations, 80% of CISOs believe their security programs aren’t enough to defend against the current armies of hackers, some of which are backed by foreign governments. It also widely accepted that 70% of companies accept that will have a breach within two years.

The questions persist:

  • Are law firms adequately prepared to defend data that is in such high demand?

  • Lawyers are used to confidentiality, but what’s changed? What’s stayed the same?

  • What is a law firm’s ethical obligation for pre-breach preparation?

  • What is the appropriate level of fortification for your practice?

  • What are the “reasonable safeguards” for a given matter?

  • How well do law firms leverage technology?

  • What about training for attorneys?

Join us and learn

Join our panel panelist as they address these questions and more, as well as your questions, during one of the RSA Law Firm Security events being held around the country.  The first will take place Dec. 5, 2017, in Washington, DC, followed by an event the following day, on Dec. 6, 2017, in New York.

Event Schedule

1:00 pm
Registration & Refreshments

1:30 pm
Privacy & Security at the Law Firm

In this segment our panel will discuss the concept of “privacy vs. security”; the common weaknesses and unique risks facing law firms; and speak to the advice law firm should provide to their clients. 

3:00 pm
Refreshment Break & Meet the Speakers

3:30 pm
Ethical Considerations in the Context of Law Firm Data Security

Starting with amendments to the ABA’s Model Rules of Professional Conduct in 2012, the legal profession has responded by enacting new ethics rules, creating new obligations for attorneys to take proactive measure to protect client confidential information. So far, 30 states have adopted the ABA’s new Model Rules. What you will learn: 1. How ethics rules regarding accidental disclosure of confidential information have changed in the last two decades in response to the rising use of the Internet, electronic storage systems, and email; 2. Attorney obligations under the new rules; 3. How these recently amended ABA Model Rules, especially 1.6(c) and 4.4(b), have been adopted or modified by various states; 4. The implications of these new rules for legal malpractice claims, in light of Shore v. Johnson & Bell; and, 5. How to implement substantive change programs to ensure individual and firm-wide compliance.

4:30 pm
Recommendations for Law Firm Preparedness

In this segment our panel will discuss best practices around network security preparedness; mitigation of risk; incident response; attorney and staff education; and the appropriate use of technology solutions. 

5:15 – 6:45 pm
Networking Reception

Meet the Speakers

As Vice President of Global Services at RSA — the nation’s oldest pure-play cyber security firm — Doug Howard leads and supports RSA’s Global Services Organization which is made up of the RSA Risk and Cybersecurity Practice, Professional Services, Customer Support, Education Services, Partner First Services Enablement, the RSA Advanced Cyber Defense Practice, and the world’s leading Incident Response Practice. He also provides leadership support for RSA’s strategic vision and global operational execution across the business. Doug has 25 years of experience as a technology leader and innovator in security, IT, telecom, and business continuity. He has held leadership roles in operations, engineering, business strategy development, marketing and sales, including as CEO and president. RSA is the leading provider of intelligence-driven security solutions, helping organizations mitigate the risks of operating in a digital world. RSA and its partners help organizations navigate the journey from average to excellent with more secure and compliant protocols and systems, by continually reducing their threat exposure, and by rapidly mitigating risks through detection, investigation and response.

A unique Washington lawyer, Evan D. Wolff  of Crowell & Moring LLP possesses the hands-on experience in the technologies and policies that govern the cybersecurity space and is an authority on cybersecurity and privacy regulations. Evan served as an advisor to the senior leadership at the stand-up of the Department of Homeland Security. He is a highly sought-after lawyer for leading defense, energy and manufacturing companies and a thought leader on federal government initiatives in public and private sector coordination in addressing cyber issues. As Crowell & Moring’s Privacy & Cybersecurity Practice Co-chair, Evan advises companies on network security, investigation coordination after intrusions, data breaches, and insurance issues. Evan recognizes that despite best efforts cyber incidents happen, so he takes an innovative approach to developing blended legal, technical, and governance mechanisms so companies are prepared with a rapid and comprehensive response. This includes conducting incident simulations and developing incident response plans. He has advised companies and their boards on more than 100 data breaches, managing the legal, technical, and management aspects of those responses. Evan believes in building a community and is co-chair of the ABA’s Homeland Security Law Institute and senior advisor to the ABA Committee on Law and National Security; advisor to The Chertoff Group; an adjunct professor at George Mason University School of Law; a fellow with the Woodrow Wilson International Center for Scholars; and a member of the Sandia National Lab External Advisory Board, the U.S. Chamber of Commerce National Security Task Force, and the Aspen Institute’s Homeland Security Group.

Peter Norman comes to the session with an invaluable combination of law and technology education and experience — as well as intimate knowledge of the ethics issues in the space where law and technology meet.  Peter is co-founder of Winnieware LLC, a software company that develops user-centered solutions to common problems faced by lawyers and other professionals. The company’s flagship product is ReplyToSome, a Microsoft Outlook add-in application that helps users avoid accidentally sending emails to the wrong people. Before co-founding Winnieware, Peter was a lawyer at the firms Arent Fox and Milbank Tweed, and in-house at SunEdison, focusing on large, multi-party, cross-border project finance, M&A, distressed debt, and private equity transactions. Now based in Philadelphia, Peter has written and spoken extensively about lawyers’ ethical responsibilities for protecting confidential information in his capacity as Winnieware LLC’s Managing Member and Chief Legal Officer. Peter has a JD from New York University School of Law and a BA in Philosophy from Yale University.