Coinciding with October’s designation as Cybersecurity Awareness Month, the University of South Carolina School of Law created a Cybersecurity Legal Task Force to better inform the legal profession and the public on cyber threat information and strategies to minimize the risk of a cyberattack.
Federal authorities have long warned that law firms are ripe targets for cyber criminals primarily because they hold the crown jewels in information. A September 2015 report from the American Bar Association revealed that 25 percent of law firms with 100 or more attorneys said they have suffered a data breach due to a hacker, website attack, break-in or lost or stolen computer or smartphone. And as hackers become more and more sophisticated in their attempts, that number will increase.
There is no doubt that a data breach can be devastating for any enterprise, but small law firms that fall prey to a cyberattack usually go out of business within six months, says Karen Painter Randall, a 1984 Carolina Law alumna and nationally-recognized expert on cybersecurity who is heading up the task force.
“Law firms should assume breach and be prepared to respond. There are serious consequences of a law firm security breach including loss of sensitive client data, business downtime/loss of billable hours, large fees for remediation including forensic fees, costs associated with having to replace hardware/software and lost clients/business,” Randall says.
Unfortunately, there is no 100 percent effective way to prevent a cyberattack. So law firms must work to protect their information and know what legal responsibilities and professional obligations they owe to the client should a cyber-attack occur. In fact, on Oct. 17, the ABA issued Formal Opinion 483, which reaffirms the duty lawyers have to protect their clients’ personal and confidential information and also outlines the obligations they have to inform their clients after an electronic data breach takes place.
“Knowledge is power in the fight against cyberattacks, and South Carolina Law recognized the need to move to the forefront of cybersecurity research and education,” says Randall, founder and chair of the Cybersecurity and Data Privacy practice group at Connell Foley LLP in New Jersey. “Our main mission is to provide practical guidance to lawyers and law firms of all sizes, law students, and the public on cyber risk, mitigation strategy and incident response to defend against the cyber threat and protect the enterprise.”
To meet this mission, the Cybersecurity Legal Task Force will produce a series of educational programs such as an annual Cybersecurity Institute (the inaugural Institute is currently slated for April 12, 2019 at the School of Law), as well as a series of training webinars, and eventually the creation of a Cybersecurity Certificate Program for students and attorneys. Information sharing with other key universities and organizations also will be explored.
“With its innovative approach to legal education, South Carolina Law has long been at the forefront of change,” says Rob Wilcox, dean of the School of Law. “This task force is another example of how we are continuing to create new opportunities for student learning and engagement while also having an impact on public policy related to these critical issues.
We asked Karen to lead this effort because she has already proven to be so influential in this area at her own firm, as well as through her work with other organizations including the ABA Cybersecurity Task Force and USLAW Network’s Cybersecurity and Data Privacy Group. We’re delighted she has accepted and has helped us attract other national cybersecurity leaders to be a part of this task force,” Wilcox says.
The 15 founding members of the Cybersecurity Legal Task Force—comprising representatives from the judiciary, academia, insurance industry, forensics, security vendors and federal agencies—will come from around the nation to the School of Law for their first meeting Nov. 2.