Non-Private Law Firms

“Risk comes from not knowing what you’re doing.” Warren Buffett

As treated here, Risk refers to virtual risks- hidden dangers that are inherent in our electronic ecosystem. Each time that businesses and/or consumers utilize technology there is an associative risk accompanying that activity, regardless of whether that action it is simply entering information into a cloud database, downloading a file, or purchasing products- the risk of exposing systems to intrusion is great; hence, nowhere is the above adage more apropos than when it comes to computing.

Each week we see more and more technology developed to streamline business processes and/or with the claim of enriching our lives. Increasingly the legal community, much like industries before it, continues to incorporate technologies into its practices- albeit a bit more hesitantly than sectors like finance, banking and healthcare; yet, according to the ABA 2015 Legal Technology Survey Report, many lawyers and firms have not implemented elementary security measures considered basic by security professionals and that are used quite frequently in other professions.  Consequently the number of data breaches in law firms has increased- in detailing the alarming number of law firm breaches, the aforementioned report states that 80% of the top 100 largest law firms have been breached[i] and these are firms with in-house I.T. departments.  For some this statistic is startling, but not for the information security [InfoSec] community, on the contrary it comes as little surprise, particularly given the lack of general technological understanding in the legal community, as well as, the relatively late (in comparison to other industries) adoption of technology.

One might wonder why lawyers and law firms are such tempting targets. This question was recently addressed by prolific freelance blogger Jai Vijayan[ii] as he mused over this very question and spoke with one Mr. Jake Olcott, VP, BitSight[iii] and former counsel to the House of Representatives’ Homeland Security Committee. Mr. Olcott indicated that law firms, in addition to holding mountains of sensitive data, lack dedicated information security practitioners, as well as, the budget to properly implement information security programs and incident response plans (codified post-breach procedures). So for firms facing this circumstance here are a few suggestions:

start small- begin by understanding what it is that you have then classify the data in terms of importance, next partner with someone in the information security field (this is not your contracted network administrator who in all likelihood lacks little, if any knowledge of information security) to get a vulnerability assessment- which differs from a Pen Test in that the practitioner will not attempt to break into your system- only identify where your weaknesses lie, look for organizations- educational, non-profit and governmental that disseminate free guidance materials and webinars on the topic, and finally, check out periodicals such as Dark Reading, which offers comprehensive up-to-the-minute coverage on security together with information on vulnerabilities and application weaknesses. Equally important to remember is that software alone is no panacea otherwise, conglomerates such as Sony, Yahoo, Target and Wendy’s International would not have been breached- they own cutting-edge network security software!

While none of the aforementioned measures alone will guarantee 100 % safety, they do serve as preventative steps in the fight against attacks- much as the acts of brushing and flossing serve to prevent tooth decay and later heart disease should the infection spread into the bloodstream. Malware that spreads into a system can lock up the network, preventing the firm from accessing documents and files- a crippling blow to business.

With an estimated 1, 365, 561 lawyers in the country- according to the American Bar Associations’ statistics- it behooves the legal community to work toward a solid understanding of, and grasp on, information security, especially given the legal community’s fiduciary duty to protect the sensitive data of its clients. It is only by acknowledging the lack of awareness then taking the requisite steps to becoming informed that this community will shore up its virtual doors.  Consider this, firms take precautions against the thief that might physically walk through the door or climb through a window, so why not develop measures against those who are coming in virtually?

Wondering how intruders get in, what behaviors they exhibit, and what you and your staff can do beforehand? Then stay tuned for future installments of Non-private Lawyers and Firms.

---

[i] ABA Legal Technology Resource Center. ABA Tech Report 2015. Chicago: American Bar Association, 2015. PDF.

[ii] Vijayan, Jai. “Law Firms Present Tempting Targets For Attackers.” Vulnerabilities. Dark Reading.com, 12 April 2016. Web. 15 April 2016.

[iii] BitSight is a company aggregating, analyzing, and rating the security performance of companies and organizations across the globe.

What Is A Paralegal

Nine steps to prevent a cyber security breach

Though not comprehensive in the sense of guidance directly from the information security field, this article nonetheless provides useful tips and at least gets the legal community thinking about the issue. The practice of law does not exist in a vacuum and therefore is not exempt in terms of vulnerabilities to data breaches.



Nine steps to prevent a cyber security breach

The thing about law firms.

http://businessoflawblog.com/2016/04/law-firm-studies/

Electronic Health Records (EHR) Incentive Programs - Centers for Medicare

Incentives designed to motivate providers in the adoption of electronic systems.





Electronic Health Records (EHR) Incentive Programs - Centers for Medicare

Missing court deadlines and legal malpractice

Careful Who You Hitch Your Wagon To

A law firm has just installed the latest and greatest case management program. The attorneys and paralegals diligently attended all of the training classes required to master the new software program. All client and case mater information was uploaded into the new program. However, when inputting data, one of the paralegals entered the wrong date for a court hearing on the opposing party's motion for summary judgment. The opposing party won its motion by default because the law firm failed to appear on behalf of its client. What ethical issues, if any, are raised by this scenario?

Recently the above question was posed to us In a Computer Law class here at Columbus State. In this class we review the various software applications utilized by law firms and other legal organizations.   naturally questions arise regarding the risks and ethics associated  with such use. This scenario prompted me to research the legal industry’s disciplinary process and respond thusly:

Although an honest mistake, this clerical error is a blatant  act of malpractice. Why? Because it worked to the detriment of the client and violated one of the industries’ principle edicts: Competence. The American Bar Association’s Model Rules of Professional Conduct, both  its Preamble and Preface address quality of representation, with the latter clearly stating its continued goal of assuring the “highest standards of professional competence and ethical conduct.” (American Bar Association 2013).

Missing a filing deadline- whatever the reason-  has serious consequences, some of which are irreversible; others not. For example, say in a personal injury claim where a statute limits the time within which a person can file a claim- this individual, or group of individuals, might forever be barred from pursuing their legal matter, or in the case of a bankruptcy- it could be discharged if the attorney fails to file documents within the specified time period, as was the case with one Jennifer Hassall when her attorney Beauregard Maximillon Harvey failed to respond to the bankruptcy trustee’s motion to deny a discharge Toledo Bar Assn. v. Harvey, 141 Ohio St.3d 346, 2014-Ohio-3675. Harvey was charged with violating Ohio’s Rules of Professional Conduct Rule 1:1 Competence. Indeed a perusal of our own high court’s website reveals a plethora of cases throughout all of Ohio’s counties where attorneys are either charged with, or have been sanctioned for, this and other infractions. According to the Ohio Supreme Court’s Board of Professional Conduct, attorney malpractice claims were up last year by 33% over the previous year.

And while such misconduct can, and sometimes does, result  in punishment for the legal practitioner or firm ( reprimands, suspensions, fines, or forfeiture of legal fees),  the outcome of such behavior can have  dire consequences for the client. In one instance, a widow lost her home to a sheriff’s sale when the attorney representing her failed to file a timely answer in a foreclosure action Komorowski v. John P. Hildebrand Co., L.P.A., 2015-Ohio-1295. Initially the trial court granted summary judgment for the defendant, but this decision was reversed by the 8^th District Court of Appeals, Cuyahoga County . In another case, a group of employees suing their former employer for wrongful termination, had their complaint dismissed after the attorney missed a filing deadline; in this instance, the disciplinary board conditioned the attorney’s reinstatement upon a full restitution to this group of clients Dayton Bar Assn. v. Scaccia, 141 Ohio St.3d 35, 2014-Ohio-4278.

So concerned is the American Bar Association with the issue of malpractice that, through its Young Lawyer’s Division it frequently includes programming designed to inform new attorneys  about the perils of unethical conduct and avoidance of the same. In a presentation entitled “Avoiding the Summons…”, held in the Spring of 2014, it outlined the top 10 behaviors constituting malpractice, breaking each down by percentages; coming in 2^nd at 23% was “missing deadlines.”

These are just a few of the many instances of ethical misconduct found at the Ohio Supreme Court’s Board of Professional Conduct’s website http://www.supremecourtofohio.gov/Boards/BOC/default.aspx there are infinite more.  Promising though is the American Bar Association’s efforts toward education and prevention- together with local bar associations it strives to make inroads into reducing, if not completely eliminating careless acts and/or wanton behavior leading to malpractice.

In essence what I learned was that- while there were no specific cases, or at least none that I discovered, centering on clerical or data entry errors as the impetus behind ethics charges- missing a deadline, regardless of reason, is grounds for claims of malpractice, for it falls below the duty of care expected of legal practitioners; moreover, it can have detrimental effects on clients, and in turn, on the community at large.

An interesting aside is that while researching this issue, it occurred to me that this is great information for the consumer; yet, as I mulled it over-, it is equally important information for the paralegal looking for work, as it offers a glimpse into the abilities and integrity of potential employers. With an estimated lawyer population of some 39,000 here in Ohio- according to the ABA’s most recent statistics- we must be careful, to borrow a pre-industrial phrase, about who we hitch our wagons to.

References: 

Center for Professional Responsibility. Model Rules of Professional Conduct.  Chicago: American Bar Association, 2015. Book.

CourtNewsOhio TV. “An Increase in Legal Misconduct Complaints.”  Video clip.  YouTube. YouTube, 17 February 2015. Web. 20 Oct. 2015

Beougher, Stephanie. Cases “Dayton Lawyer’s License Suspended.” Abstract. CNO: a service of The Supreme Court of Ohio & Ohio Government Telecommunications . 131982. October Issue (2014): 3. Court News Ohio. Web. 20 Oct. 2015

Trevas, Dan. Cases “Eight District: Legal Malpractice Cases Allowed to Continue.” Abstract. CNO: a service of The Supreme Court of Ohio & Ohio Government Telecommunications . 1295_1305. April Issue (2015): 3-5. Court News Ohio. 20 Oct. 2015

Lessell, Melissa & Murphy, J. Logan. “Avoiding the Summons: Top 10 Legal Malpractice Pitfalls & Ethical Traps (Ethics CLE).” 2014 Spring Conference. Pittsburgh, PA. 16 May 2014. Chicago. American Bar Association.  Print

American Bar Association. “ABA National Lawyer Population Survey 2005- 2015”. Lawyer demographics table. 2015. Chicago. American Bar Association. PDF file.

SANS Fellow and Cyber Security Expert Dr. Eric Cole