We lawyers are in the business of gathering, preserving, and safekeeping confidential information. Not long ago that meant keeping our lips zipped and our doors and file cabinets locked. Now we have electronically stored information (ESI) to protect. This issue is dedicated to that responsibility.
Cybersecurity is not an issue solely for big firms with big clients who do big deals. It’s an issue for solo practitioners, small and medium-sized firms, corporate counsel, and government lawyers. We all possess information that might be useful to our clients’ adversaries – or to any number of outsiders.
The sensitive information we may possess includes:
- Case or litigation strategy information;
- Confidential client business information;
- Attorney-client privileged communications;
- Client intellectual property;
- Personally identifiable information in connection with employees, clients, and third parties; and
- Payment card information.
We are required to take reasonable steps to protect this information.
The confidential information we hold faces two primary forms of risk: theft of data and leakage of data. Theft we understand instinctively; leakage we may think about less. Leakage can include insider misuse, loss of an unsecured laptop or mobile device, communication over public or other unsecured networks, or downloading unapproved software that connects to a repository of confidential firm information.
Douglas H. Frazer, Northwestern 1985, is an attorney at DeWitt Ross & Stevens s.c., Brookfield. He is a member of the State Bar Communications Committee, which serves as this magazine’s editorial advisory board, and chairs its Content Subcommittee.
What to do? Read on. In this issue, we examine the many aspects of cybersecurity. Sharon D. Nelson and John W. Simek discuss cybersecurity basics. This includes the steps we must take to safeguard law firm and client information. Aviva Kaiser and Tison Rhine write about the professional responsibility requirements that touch on cybersecurity and summarize top ways to protect our data. Jennifer Rathburn discusses her career path that led to data management, data breach and privacy questions, and security issues – all in the service of helping business clients deal with cybersecurity issues. Bill Brousseau writes about a cybersecurity framework you can use to keep your firm safe from hackers. Jeffrey S. Krause writes about encryption. Tom Watson covers risk management, which includes cybersecurity insurance and the protocol for communicating with clients in case of data breach. Finally, Paula Davis-Laack gives you tools to recharge your mental and physical energy when cybersecurity and other matters drain your batteries.
We hope readers can take away useful pointers and tips and, with a minimum of fuss or expense, incorporate them into their practices.