This document provides guidance on law firm security and compliance. It discusses why cybersecurity is important for law firms, including ethics duties to protect client data and maintain operational continuity. Several key risks are outlined, such as employees and outside actors. The document recommends that law firms implement reasonable security controls and policies to comply with standards like ABA Formal Opinion 477R. It also advises that firms prepare for potential security breaches by conducting tabletop exercises, coordinating an internal response, and preserving forensic evidence while avoiding hastily disconnecting from networks.
Law Firm Security: How to Protect Your Client Data and Stay Compliant
1. Law Firm Security: How to Protect Your Client Data and Stay Compliant
Host: Joshua Lenon
2. Housekeeping
● Session length: 60 minutes
● Recording & slides emailed tomorrow (*CLE is only available for the live webinar; the recording is NOT eligible for CLE)
● Use to engage with fellow webinar attendees and select “Everyone” in the dropdown
● Use to ask questions directly to panellists
● Please fill out the survey at the end of the session
3. CLE / CPD Information
To qualify for credit, you must:
1. Be logged in on your own device under the email/name you registered with (cannot share logins).
2. Attend the entire live webinar.
3. Participate in the polls during the live session.
*If you have met the participation requirements, you will receive a personalized CLE/CPD affidavit from mcle-clio@americanbar.org for the webinar you attended to completion. Please check your spam or junk folders as these emails often end up there. Please note you have to fill out an affidavit for each individual webinar. Once you complete the affidavit, you will be able to download your certificate(s) of attendance and they will be emailed to you as well from mcle-clio@americanbar.org.
5. Today’s Speaker: Joshua Lenon, Lawyer in Residence
● Attorney admitted into New York
● Certified Privacy Professional
● @JoshuaLenon
6. Today’s Panelist: Tom Brennan
● Executive Director for CREST International (Incident Response / Penetration Testing / Security Operations)
● CIO for Mandelbaum Barrett PC
● A Certified Clio Solutions Consultant
● United States Marine Veteran
● @brennantom
Email: tom.brennan@crest-approved.org
Phone: 1+ (973) 298-1160
12. Model Rules of Professional Conduct
● Rule 1.1 – Competency
○ [8] “lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…”
● Rule 1.6 – Confidentiality
○ “lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation…”
13. Ethics Opinions
ABA Formal Opinion 477R - Securing Communication of Protected Client Information
ABA Formal Opinion 482 - Ethical Obligations Related to Disasters
ABA Formal Opinion 483 - Lawyers’ Obligations After an Electronic Data Breach or Cyberattack
14. ABA Formal Opinion 477
Understand the Nature of the Threat.
Understand How Client Confidential Information is Transmitted and Where It Is Stored.
Understand and Use Reasonable Electronic Security Measures.
Determine How Electronic Communications About Client Matters Should Be Protected.
Label Client Confidential Information.
Train Lawyers and Nonlawyer Assistants in Technology and Information Security.
Conduct Due Diligence on Vendors Providing Communication Technology.
16.
● Avoid Using Public Internet/Free Wi-Fi
● Use Virtual Private Networks (VPNs) to Enhance Security
● Use Two-Factor or Multi-Factor Authentication
● Use Strong Passwords to Protect Your Data and Devices
● Assure that Video Conferences are Secure
● Backup Any Data Stored Remotely
● Security is Essential for Remote Locations and Devices
● Users Should Verify That Websites Have Enhanced Security
● Lawyers Should Be Cognizant of Their Obligation to Act with Civility
20. Managing cost is the biggest issue in cloud usage
When asked about the most important initiatives in their organizations pertaining to public cloud adoption, 30% of all respondents said “managing cost.” Further concerns were:
● modernizing applications (19%)
● performance optimization (13%)
● cloud migration itself (11%).
35. Law Firms are Targets
Hackers are intentionally targeting law firms, and are likely to continue doing so for the foreseeable future. Headlines have exposed recent breaches at some large and prominent firms, like Goodwin Procter, Seyfarth Shaw, Cadwalader, and Peabody & Arnold. But it would be a mistake to believe that hackers targeted only those types of firms. The lists maintained on the websites of the Attorneys General for New Hampshire and Massachusetts reveal that hacks of small and medium-sized firms are far more common and damaging.
● Campbell Conroy & O'Neil serves a large array of Fortune 500 companies, including Ford, Boeing, Exxon Mobil, Quest Diagnostics, Liberty Mutual, Johnson & Johnson, Walgreens, Monsanto, FedEx and Coca-Cola, among others. The hack was first detected on Feb. 27, sparking an investigation, the firm said in its disclosure.
https://www.cnn.com/2021/07/19/tech/ransomware-law-firm/index.html
● The U.S. Attorney's Office for the District of New Jersey has charged a California man with money laundering after a New Jersey law firm's email account was hacked and $560,000 was fraudulently obtained from a client of the firm.
https://www.law.com/njlawjournal/2021/03/18/law-firm-hacked-560000-stolen-from-client/
● McCarter & English Suffers Data Security Incident. An internal email confirmed that attorneys at the New Jersey firm lost access to email and remote work systems. Meanwhile, Pennsylvania's Stevens & Lee is grappling with the consequences of a 2021 breach.
https://www.law.com/americanlawyer/2022/04/19/mccarter-english-suffers-data-security-incident/
● Hackers have stolen and leaked files belonging to the Jones Day law firm, one of the largest law firms in the world. The firm famously and controversially worked on some of Donald Trump's immediate challenges to the 2020 election results.
https://www.vice.com/en/article/88a7jv/hacker-leaks-files-from-jones-day-law-firm-which-represented-trump-in-election-challenges
36. Are you compliant with reasonable controls?
● American Bar Association Formal Opinion 477R – In the context of electronic communications, lawyers must establish policies and procedures, and periodically train employees, subordinates and others assisting in the delivery of legal services, in the use of reasonably secure methods of electronic communications with clients.
● Payment Card Industry Data Security Standards (PCI DSS) – Information security standard for organizations that handle branded credit cards from the major card schemes.
● Health Insurance Portability and Accountability Act (HIPAA) (including Omnibus Rule) – Ensures equal access to specific health and human services and protects the privacy and security of health information.
● The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) – A regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
● California Consumer Privacy Act (CCPA) – Privacy rights and consumer protection for residents of California.
● DFARS 252.204-7019 – Requires primes and subcontractors to submit self-assessment of NIST 800-171 controls through the Supplier Performance Risk System (SPRS).
38. What Can You Do to be Proactive?
● Partner with accredited providers and certified individuals.
● Measure your business controls against a commercially reasonable framework (for example, NIST Cyber Security Framework or Center for Internet Security V8).
● Conduct quarterly tabletop exercises and document outcomes and corrective actions, like a fire drill.
● Establish basic organization policy, build procedures and put controls in place.
● Budget for People, Process and Technology.
41. You have been BREACHED, now what?
PRESERVE — COORDINATE — RESPOND
Do not disconnect
Many targeted data breaches go on for months before detection. When a compromised system is hastily
disconnected, it is highly probable that the attacker will compromise additional systems to establish new forms of
persistence that may go undetected, or they may have already prepared backdoors for these situations.
Attacker behavior is likely to change, and a game of "whack-a-mole" may ensue once they know they have been
detected. This is why the natural reaction of wanting to swiftly disconnect all affected systems can be
counterproductive in the long term.
If a computer must be disconnected, ensure that a forensic image (including a memory image) of the system is
preserved prior to disconnecting from the network.
42. Continued…
PRESERVE — COORDINATE — RESPOND
Formulating a response to a data breach requires internal communication and coordination within your
organization. At a minimum, key players from IT, security, legal, management and public relations must be kept
informed of the status of the data breach.
Each player fulfills key functions that enable the investigation, the formulation of a response and the
communication with regulatory agencies as well as customers. In some cases, if there is reason to believe internal
network communications may be compromised, out-of-band communication and collaboration channels should
be established and utilized by the response team.
43. Regulation
All 50 states, the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands have established data breach
laws to protect consumers. These laws generally require organizations to notify individuals in the case of a data
breach involving certain personal identifying information. In addition, the following topics are also addressed in many
data breach notification laws:
● Notice to the Attorney General: Some states require a notice be sent to the state attorney general or a state
agency informing them of a breach.
● Time-Sensitive Notification: States have differing requirements on when and how notifications must be sent
out to individuals.
● Risk of Harm Analysis: Some states allow for exceptions to their notification requirements upon an assessment
of the risk of harm to the affected individuals.
● Encryption Safe Harbor: States have different laws affecting the definition of a breach and the notification
requirements based on whether the data was encrypted.
● Paper or Electronic: States also differ as to whether their laws affect only electronic materials, paper materials,
or both.
44. Continued..
When determining whether to pursue a data breach matter, attorneys general may consider several criteria:
● Violation of statute
● Severity and scope
● Remedies available
● Legal value of the case
● Resources
The severity and scope of a data breach is an important component attorneys general must consider when
pursuing a data breach case. Additional factors include:
● Data sensitivity
● Number and type of consumers affected
● Impact on consumers
● Is the harm ongoing?
● Can the compromised information be modified to the detriment of the consumer?
● How culpable is the entity for the breach?
● Liability for vendors or third-parties
45. Continued..
Following a successful action against a company in violation of data breach laws, attorneys general may pursue
different remedies:
● Injunctions: Companies may be required to take steps to protect consumer data, or update their systems and/or
corporate governance.
● Civil penalties: Most state consumer protection laws list penalties for each violation.
● Consumer restitution: This could include free credit monitoring or freezes.
● Attorneys' fees/costs.
46. What should I look for?
1) User reports of suspicious activity, such as clicking on a phishing link or a lost/stolen media or device.
2) Web server log entries that indicate the use of a vulnerability scanner.
3) Antivirus software alerts detecting that a host is infected with malware.
4) A network administrator noticing unusual network traffic flow.
5) An email administrator noticing a large number of bounced email messages with suspicious content.
6) An application logging multiple failed login attempts from an unfamiliar remote system.
7) A host's audit log recording a change in its configuration.
8) A threatened attack upon the firm from a hacktivist or similar group.
9) An announcement of an exploit targeting known vulnerabilities of the firm's mail server.
10) A network intrusion detection sensor alerting on a buffer overflow attempt against a database server.
https://www.crest-approved.org
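Added example, not part of the original slides: indicators 2 and 6 above checked against log lines in Python. The application log format, the scanner user-agent list, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: source IP, status code, user agent.
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
AUTH_RE = re.compile(r'login_failed user=(\S+) src=(\S+)$')  # assumed application log format
SCANNER_UA = ("nikto", "sqlmap", "nessus", "openvas", "nmap scripting engine")

def scanner_sources(lines, min_404=3):
    """Indicator 2: source IPs with a scanner user agent or a burst of 404s."""
    flagged, not_found = {}, Counter()
    for line in lines:
        m = WEB_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, status, agent = m.groups()
        if any(sig in agent.lower() for sig in SCANNER_UA):
            flagged[ip] = "scanner user agent"
        if status == "404":
            not_found[ip] += 1
    for ip, n in not_found.items():
        if n >= min_404:
            flagged.setdefault(ip, "404 burst")  # user agents can be changed, so count misses too
    return flagged

def unfamiliar_failed_logins(lines, known_sources, threshold=3):
    """Indicator 6: repeated failed logins from sources outside the known set."""
    failures = Counter()
    for line in lines:
        m = AUTH_RE.search(line)
        if m and m.group(2) not in known_sources:
            failures[m.group(2)] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}

# Constructed sample data (documentation address ranges, not real hosts).
WEB_LOG = [
    '203.0.113.7 - - [12/Jul/2022:10:01:02 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.00 (Nikto/2.1.6)"',
    '198.51.100.4 - - [12/Jul/2022:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
WEB_LOG += ['192.0.2.55 - - [12/Jul/2022:10:02:0%d +0000] "GET /old%d HTTP/1.1" 404 153 "-" "Mozilla/5.0"' % (i, i) for i in range(3)]
AUTH_LOG = ["2022-07-12T10:05:0%dZ login_failed user=jsmith src=203.0.113.7" % i for i in range(4)]
AUTH_LOG += ["2022-07-12T10:06:00Z login_failed user=adoe src=198.51.100.4"] * 3
KNOWN = {"198.51.100.4"}  # e.g. the office egress address

if __name__ == "__main__":
    print(scanner_sources(WEB_LOG))
    print(unfamiliar_failed_logins(AUTH_LOG, KNOWN))
```

Hits from either function are candidates for the tabletop and response process described earlier, not proof of compromise on their own.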
50. ABA Ethics Rules Relevant to Cybersecurity
Model Rule 1.1 - Competence
Model Rule 1.3 - Diligence
Model Rule 1.6 - Confidentiality
Model Rule 5.2 - Supervisory Responsibility (lawyers and
non-lawyer assistants)
51. Laws and Regulations to Which Attorneys are Subject
● 50 State (and D.C.) Breach Notification Laws
● State Privacy Law
● Cybersecurity Laws (e.g., NYCRR Part 500)
● HIPAA
● Regulatory Discipline
● Malpractice
● Civil Class Action
52. Risks I
• INTERNAL
  • Employees, Associates, Contractors (domestic and…)
  • Service Providers and MSPs
• EXTERNAL
  • Former employees, associates, and contractors
• TECHNOLOGY
  • Work from home
  • Remote/virtualized work
53. Assessing and Addressing Risk
ASSESSING RISK – allows a lawyer/firm to provide a reality check on which risks are real and which are
unlikely. This process helps an organization focus on its resources as well as on the risks that are most likely
to occur.
ACTING ON THE RISK
• RISK ACCEPTANCE – Risk acceptance is the choice that you must make when the cost of
implementing any of the other responses exceeds the value of the harm (financial AND non-monetary)
that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk where the
lawyer or law firm is unaware of its existence; it has to be an identified risk for which those involved
understand the potential cost or damage and agree to accept it.
• RISK MITIGATION – Implementing controls to mitigate risk. (Never total)
• RISK TRANSFERENCE – Insurance, Contract indemnification, etc. (Not perfect)
• RISK AVOIDANCE – Avoiding the activity that creates the risk (Not possible)
54. What Attorneys Need to Hear
● Information is your most valuable asset – protecting it is an essential business function
Even for law firms
● Information compromise – is far costlier than managing risk
● Do you have defensible security over your information?
● Failure to identify, assess and manage risks can result in many types of civil liability and
regulatory penalties
● Cyber insurance may not cover losses AND WONʼT PUT YOU IN STATUS QUO ANTE
● Ransomware payments may invoke government scrutiny and enforcement
● Policy development and supervision (disaster and business recovery, backup,
cybersecurity, remote) must be done in lockstep with technology development
59. Additional Resources
● Blog: 2022 Law Firm Data Security Guide: How to Keep Your Law Firm Secure
● CLE-eligible webinar: Leveraging Technology to Design Efficient Law Firm
Processes, September 7
● Meetup Series: The Legal Marketing Masterclass Series
● Clio Cloud Conference October 10-11, 2022: Get your pass
61. CLE / CPD Information
To qualify for credit, you must:
1. Be logged in on your own device under the email/name you registered with
(cannot share logins).
2. Attend the entire live webinar.
3. Participate in the polls during the live session.
*If you have met the participation requirements, you will receive a personalized
CLE/CPD affidavit from mcle-clio@americanbar.org for the webinar you attended
to completion. Please check your spam or junk folders as these emails often end up
there. Please note you have to fill out an affidavit for each individual webinar. Once
you complete the affidavit, you will be able to download your certificate(s) of
attendance and they will be emailed to you as well from
mcle-clio@americanbar.org.