30862CI - Page 12

Cybersecurity Law The Next Frontier in Legal Specialization According to NATO Review Magazine, one of the first recognized internet worms to affect the world’s fledgling cyber infrastructure was the Morris Worm. Discovered in 1988, it largely impacted computers in the United States. Robert Tapan Morris, who created the worm to demonstrate the inadequacies of then-current security measures on computer networks by exploiting security defects he had discovered, was the first person convicted under the United States Computer Fraud and Abuse Act. 10 Q4 - 2017 www.ParalegalToday.com By Sherry Karabin Over the years, hackers have launched a number of cyber attacks against governments, federal agencies, and public officials, many of which the public may not have heard about or may not remember. But the 2013 attack on discount retailer Target, in which hackers stole credit and debit card data from up to 40 million customer accounts, fired one of the first warning shots that consumers were at risk. The massive breach cost Target $18.5 million to settle claims by 47 states and the District of Columbia. It was later discovered that the names, addresses, and phone numbers of 70 million customers were also taken, increasing their risk of identity theft. In 2014, an attack on Sony Pictures initially led the studio to cancel the release of “The Interview,” which portrayed a satirical plot to assassinate North Korean leader Kim Jong-un. The movie was later released, but the hack exposed emails and personal details of some of the most well known stars. Cyber attacks are becoming all but commonplace today, and it appears no target is off limits — hospitals, nuclear power plants, and the most recent U.S. presidential election, in which the Russians allegedly sought to influence the outcome. IBM’s 12th Annual Cost of Data Breach Study shows that while the global average cost of a data breach is down 10 percent to $3.62 million, the average size of breaches has increased by 1.8 percent, to more than 24,000 records. Law Firms are Prime Targets Law firms are far from immune to cyber attacks. As early as 2009, the FBI warned firms that they were being targeted by organized cybercriminals. In 2011, about 80 major law firms experienced cyber attacks, and in November that year the FBI invited 200 of the nation’s largest firms to discuss the rise in attacks against them and concerns that hackers targeted firms as a “backdoor” to obtain sensitive information about their clients. The American Bar Association’s 2016 Legal Technology Survey Report shows that 14 percent of respondents reported a data breach at their firm. In the case of firms with more than 500 lawyers, 26 percent experienced some type of breach. Pam Woldow, principal at the consulting firm Legal Leadership, says law firms are especially appealing to hackers. “Law firms hold a treasure chest of information ranging from trade secrets to non-public information about mergers and acquisitions, sales and other transactions,” says Woldow. “This is especially true of some of the larger firms, which have very high profile clients.” An Emerging Legal Specialty Former Concord Law School professor Richard Hermann says cybersecurity is quickly becoming the overriding concern for law firms and their clients. Hermann served as director of the Federal Interagency Task Force on Computerizing Government Emergency Legal Authorities in the mid-1980s. “The task force focused on putting together a database of emergency legal authorities that every agency could go to if there was any event from a flood to an attack on the United States,” he says. “I remember at the time that we were concerned about protecting the database we were creating.” This emerging specialty isn’t just about protecting law firm data, however, but also about legal professionals as partners in the cybersecurity protection of their clients’ data. Daniel Filler, dean of Drexel University Kline School of Law, explains, “Regulations in the area of data privacy are expanding rapidly, and the European Union has strong new data privacy regulations that are coming online over the next two years.” Filler says a number of firms are developing cybersecurity practices to address client concerns surrounding breaches, which will open up the field for lawyers and paralegals. “On the client counseling side at firms, lawyers are assisting clients in developing best practices so they can avoid costs associated with breaches and privacy law violations,” he adds. Indeed Chad Mowery, a partner in the Akron, Ohio office of Roetzel & Andress, says he’s received more calls from clients requesting assistance in putting together data breach response plans. “The plans detail who all the players will be should a breach occur and each person’s responsibility,” says Mowery, who focuses on technology, e-discovery, and cybersecurity matters. “The plans include training employees to try and prevent breaches.” “The area is changing,” adds Mowery. “As recently as five years ago, this was seen as more of an IT issue; now it’s more of a corporate issue that all businesses need to address.” Additionally, technological advances and their possible consequences for consumers and corporations are further driving growth in cybersecurity law. Filler explains that as technology continues to expand, laws and regulations will change as well. “We are already starting to see wearable technology and implantable devices that have connections to the web and carry very intimate data,” says Filler. “Self-driving cars are also on the horizon, which I foresee creating new legal issues surrounding loans and credit. For example, what happens when the car buyer fails to make a payment and the car is programmed to drive itself back to the dealership? We need to train lawyers and others in the field to prepare for these upcoming changes, which will transform the area /www.ParalegalToday.com