Cybersecurity: An Ethical Responsibility

Cybersecurity: An Ethical Responsibility

There’s no mistaking it: cybercrime is exploding, and the numbers are staggering. Last year alone, for example, nearly 1 million new malware threats were created each day. In spite of this, the legal world has been bafflingly slow to make changes to their information security. Jefferey Brandt, a celebrated law firm IT expert and blogger, referred to the state of law firm cybersecurity as “abysmal”. Reports like the International Legal Technology Association Survey show alarmingly low efforts to incorporate common safeguards like two-factor authentication, encryption, or intrusion detection tools.


Lawyers have a duty to keep the information that passes through their firms private. Too often, however, lawyers have failed to take measures that protect that information. The ABA Model Rules of Professional Conduct now require “a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties”. The most important reason for this is the responsibility of lawyers to maintain client confidentiality. Closely tied to it is the responsibility to be competent, allowing a lawyer to protect said confidentiality.

Though these rules establish a clear ethical duty to the client, they do not offer specific standards of what is considered sufficient protection. The ABA recommends that lawyers discuss those standards openly with their clients, with transparency about their firm’s security technology and practices. In addition, lawyers should be well-versed in the nature of the information security they offer and be willing to follow policies and procedures that protect a client’s data.

In the event of a breach, a firm will need to show that it has made reasonable efforts to keep its databases secure. By being proactive about incorporating essential security elements now, you will be able to prove your firm has met those efforts. This includes using encryption, having clear policies in place, using incident detection and prevention tools, and properly educating your personnel.

As a lawyer, your responsibility to protect online data is clear. By taking steps now to improve your cybersecurity, you fulfill that duty and protect both your clients and your firm.
Visit and complete the form to request a FREE Cybersecurity Assessment during the month of October for your legal firm in order to be aware of your firm’s vulnerabilities before it is too late.