Just like other businesses, law firms have a duty to report to their clients about cyberintrusions. Forty-seven states require notice to those affected. Law firms are not exempt, but many lawyers do not appear to understand the disclosure obligation. Lawyers must learn how to communicate with IT folks, so they can reduce their vulnerability — and if a breach occurs, they must follow the law.
Lawyers help their clients as they negotiate confidential business transactions, hold intellectual property, manage funds and litigate disputes, among many other business activities. In the ordinary course of business, lawyers also maintain numerous confidential documents and data of and about their clients.
As a result, lawyers have a big bull’s-eye drawn on their backs, visible to cybercriminals. The worst part is that most lawyers do not realize how vulnerable they are, since few lawyers understand IT security and cyber-risks. As a result, many do not properly protect that confidential information.