Note: In August, Alta Pro presented the webinar “Top 10 Things to Do to Avoid a Data Breach,” which featured an expert panel of cybersecurity professionals explaining how law firms can stay safe. In case you weren’t able to attend, following is Part 2 of our two-part recap of the program.
Training your staff on cyber prevention is a critical step in protecting your law firm from a data breach or attack.
So is making sure your data is always backed up.
Those were two takeaways from the Alta Pro webinar, “Top 10 Things to Do to Avoid a Data Breach.” The panelists were Brandon Abshier and Trenton Gill of Reminger Attorneys at Law and Adam Gwaltney of Ritman Insurance (their bios and contact info appear below).
Want free webinars and CLE opportunities? Become a member of Alta Pro Lawyers RPG. You’ll get access to the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.
Top 10 Things to Do to Avoid a Data Breach
Following is Part 2 of a recap of “Top 10 Things to Do to Avoid a Data Breach”
6. Staff Training and Awareness
Establish a written policy about privacy and data security and communicate it to all employees. Require employees to put away files, log off their computers and lock their offices/filing cabinets at the end of the day. Educate employees about what types of information are sensitive or confidential and what their responsibilities are to protect that data.
It is a good practice to train all personnel and third-party contractors on basic breach response protocol. Additionally, further in-depth training should be provided to members of the internal breach response team.
Remember that the earliest detection allows for the quickest response. All personnel must be trained to recognize that a breach may have occurred and to report it at the earliest possible moment.
7. Stay Abreast with Legal Compliance
- Rule of Professional Conduct 1.1 Competence: “ To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with the technology relevant to the lawyer’s practice …”
- Rule of Professional Conduct 1.6 Confidentiality: “[a] lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent.” The ABA Cybersecurity Handbook says “[t]he obligation is no less applicable to electronically stored information than to information contained in paper documents or not reduced to any written or stored form.”
- Review current business associate relationships and executing written agreements (if not already in place) and by reviewing current policies and procedures related to business associates to ensure there are individuals who are monitoring, negotiating and documenting business associate relationships. Do a risk assessment to identify vulnerabilities or weaknesses in HIPAA compliance. Develop a template business associate agreement to use with covered entities.
8. Backup, Backup, Backup
Create an “out-of-band” backup of files that will allow access to work in case of a malicious encryption.
9. Emails, Passwords, Scams
Social engineering and phishing scams are on the rise. It’s more important than ever to have systems and policies in place to help detect and deter this type of fraud. Since humans are “the weakest link” in the security chain, firm-wide education is the first step toward reducing risk. If your partners and employees are aware of the characteristics of risky emails, they will be more likely to recognize them and avoid becoming a victim.
Here is a roundup of the top-rated password managers.
10. Insurance and Risk Transfer
Know the Pyramid of Protection for your money, data, and professional services:
- Crime Insurance
- Cyber Liability Insurance
- Professional Liability Insurance
- Brandon Abshier practices with Reminger Attorneys at Law, where one area of concentration is data breach/privacy law. A Certified Information Privacy Professional/U.S. (CIPP/US) by the International Association of Privacy Professionals (IAPP), Brandon has received special training in the data breach and privacy fields.
- Trenton Gill practices with Reminger Attorneys at Law in the firm’s Indianapolis office. He represents attorneys and other professionals in professional liability claims and disciplinary/licensing matters. He also counsels clients on a variety of legal issues including labor and employment, insurance coverage, contract creation and negotiation and risk management.
- Adam Gwaltney, Ritman Insurance for Lawyers and Professionals. With more than 21 years in the insurance industry, Adam focuses on professional liability insurance, including Legal Professional Liability, Title Agent Errors & Omissions, and Cyber Liability Insurance. An approved CE and CLE provider, Adam is a frequent guest speaker with the Indiana State Bar Association, the American Land Title Association, and many other lawyer groups on issues of professional malpractice and cyber liability.
Get protection and peace of mind with cyber liability insurance protection. Want a no-obligation quote on coverage to suit your practice needs? Contact Alta Pro Insurance today.