Cyber security is an issue that is an alien concept for most lawyers and law firms. They believe that they have nothing to do with cyber security. But this is a misconception because just like other organisation, law firms must also ensure robust security and cyber security for their digital infrastructures and physical locations. Law firms are also required to formulate and strictly implement specific and exclusive cyber security best practices for lawyers and law firms.
Even among those who are aware of cyber security issues, most of the lawyers and law firms consider cyber security an area meant for IT professionals to be managed. They believe that their job is done when the matter is discussed and assigned to the IT guy. However, the problem with this approach is that it ignores the ground reality that cyber security is an organisational goal and not a division/department or individual goal. After all cyber security is as strong and effective as its weakest link and human beings are undoubtedly the weakest link in the cyber security chain.
Now the problem with cyber security is that none can ensure 100% cyber security and if an organisation or individual is claiming so, it/he is not familiar with the concept of cyber security. Whether you are working on Internet or Intranet, cyber security always remains a big security issue. This is more so when social engineering is used to trap employees having access to sensitive and crucial information about an organisation’s database or systems.
Some organisations also allow their employees to work on bring your own devices (BYOD) principle. So even if there is no Internet connection, such device can both introduce a malware and help in stealing of confidential information. Use of personal e-mails for work purposes is also another issue that law firms and other organisations must take care of. Sensitive documents can be e-mailed at personal e-mail ids of the employees of a law firm and can compromise the privacy and data protection safeguards put at place at the organisational level.
At Perry4Law Organisation (P4LO) we take civil liberties and commercial interests of the clients very seriously. This is the reason why we have launched the exclusive techno legal Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) so that techno legal cyber security issues can be managed in most effective manner. However, this level of cyber security and civil liberties protections comes at a cost. For instance, we do not disclose the list or names of our clients publically or even after request from a potential client to ensure best privacy and cyber security. Many clients do not understand the significance of this practice and they misjudge it as lack of expertise/clients. They also fail to understand that we would extend the same level of privacy, data security and cyber security to their own information and documents.
Nevertheless, we at Perry4Law Organisation (P4LO) firmly believe that it is a sane and cyber secure choice to lose new clients than to compromise the privacy and cyber security of existent clients and we would continue this practice of non disclosure.
Perry4Law Organisation (P4LO) and Perry4Law’s Techno Legal Base (PTLB) have also released two cyber security trends in India for the year 2017 for various stakeholders. They can be found at P4LO and PTLB respectively. These trends are also applicable to law firms, lawyers and legal professionals. For instance, use of cloud computing for legal services has both advantages and disadvantages. On the brighter side, we have reduced costs and on the negative side we have issues of data breach, cyber attacks and privacy violations. Thus, a law firm or lawyer must decide what model best serves its purpose. But whatever models the law firm or lawyers chooses, cyber security, privacy protection and data protection must be top priority of such law firm or lawyer. We at Perry4Law Organisation (P4LO) believe that cyber security is more a good procedure and discipline than a combination of hardware and software. Without cyber hygiene, no hardware or software can protect the crucial documents.
Further, we also believe that open source hardware and software are very effective in ensuring cyber security, data protection and privacy protection by law firms and lawyers. Simply because something is free does not mean it is ineffective or weak. Similarly, simply because some company is charging big amount from a law firm or lawyers for cyber security does not guarantee that cyber security would be there. In short, it is not what tool or software you have got but how you use a tool or software for best possible results. In essence this means presence of cyber security skills with good cyber hygiene and best practices.
Those who cannot ensure cyber security best practice culture at their respective law firms can at least ensure the bare minimum safeguards. Perry4Law Organisation (P4LO) and CECSRDI suggest that these safeguards must include upto date antivirus and firewalls, good malware removal tool, end to end encryption of communications and documents, multiple secure channels of documents sharing and management, etc. There are many good and open source alternatives available for all these areas and law firms and lawyers can take benefit of the same. Perry4Law Organisation (P4LO) and CECSRDI hope that law firms and lawyers would find these tips useful and productive.