Member Benefits

• Publication year: 2022
• Pages: 0050
• Citation: Vol. 27 No. 4 Pg. 0050

Member Benefits No. Vol. 27 No. 4 Pg. 50 Georgia Bar Journal February, 2022

Fight Back Against the Hack

Businesses of all sizes have fallen prey to cyber criminals, and the legal profession is no exception. Take these steps to protect your data.

BY R. SCOTT REID

No business or industry is immune to a cyber-attack or data breach. Ninety-five percent of the Fortune 500 companies in America—as well as numerous government agencies such as the Internal Revenue Service, the Central Intelligence Agency, the Defense Department and even the White House—have been hacked or had data compromised.

Businesses of all sizes have fallen prey to cyber criminals, and the legal profession is no exception. Attorneys are required to comply with state and federal data security laws, regulations and standards that describe the ways in which data must be protected and define what constitutes a "data breach."

For example, in Georgia, a data breach encompasses any way that information is lost, stolen or inadvertently disclosed. This means your computer systems do not have to be "hacked" to have a data breach. This includes things like laptop theft, lost USB memory sticks or portable drives, a lost mobile phone containing confidential client data and an email containing confidential information that is inadvertently sent to the wrong person—as well as the theft or improper disposal of paper documents.

Take the First Step

Given the many ways in which business data can be compromised, protecting it can be a challenge. The first step is to acknowledge that your business is at risk. Your clients and business partners—and state and federal regulators—all expect you to be able to safeguard confidential and private information.

Also, lawyers are held to a higher level of ethics and standards, which hold them responsible for ensuring the confidence all information gained in the professional relationship with a client.

Information security risks should be addressed in the same way that you address other business risks. Your business property is insured against damage, fire and theft. Your confidential information should be similarly protected.

Have a Risk Assessment and Compliance Audit

Having an independent, third-party risk assessment can help you identify potential threats; see where you are out of compliance with federal, state and industry requirements for information security; and identify areas where you are most vulnerable. In addition...