The Florida Bar Prioritizes Cybersecurity in the Digital Age
Scott Westheimer
At the beginning of my presidency, The Florida Bar created the Standing Committee on Cybersecurity and Privacy Law — the first of its kind — tasked with developing resources for Bar members to achieve “cyber-resiliency” and compliance with ethical rules. It’s the Bar’s good fortune that two celebrated subject-matter experts and the driving force behind the committee, Mandelbaum Barrett partner Steven Teppler, and Saul Ewing partner Franklin Zemel, have agreed to be its co-chairs. The committee’s efforts are especially important for our solos and small firms, which make up an estimated 70% of our membership.
Just as a house needs a strong foundation to support its weight, a law practice needs good data hygiene to support its work. Without a strong foundation, a house can collapse. And without good data hygiene, a law practice can make mistakes that could cost it its reputation.
The legal landscape is rapidly evolving, and we must adapt to meet the needs of our clients in an increasingly complex digital age.
The new standing committee collaborates with other Bar panels to educate lawyers about the escalating threat of data breaches and strategies to minimize them. Since its inception, the committee has been intent on sponsoring an in-depth two-day training seminar that will equip Florida lawyers with the necessary skills to earn internationally recognized data privacy certification. We are working to get that first training set up. During the Bar’s Fall Meetings, the committee unanimously agreed to initiate negotiations with “Privacy Ref,” a Boynton Beach firm specializing in training candidates to achieve “IAPP Certified Information Privacy Professional” status.
In addition to informing you about how to fortify your practice against cyber attackers, we are looking into forming ethical guidelines so that you understand what level of data security is expected in the profession. Cyber-resiliency and the issues surrounding adequate cybersecurity impact all of our daily practices and could bring into play various Rules Regulating The Florida Bar, including but not limited, to 4-1.1 (Competence), 4-1.3 (Diligence), 4-1.6 (Confidentiality of Information), 4-4.4 (Respect for Rights of Third Persons), and 4-5.3 (Responsibilities Regarding Non-Lawyer Assistants). To that end, the committee is discussing a joint program with the Professional Ethics Committee, which sponsors the annual four-hour “Masters’ Seminar on Ethics.” Over the years, a portion of the seminar has addressed a lawyer’s ethical responsibility for data security. The committee formed a working group to explore the potential for seeking a formal Bar ethics opinion regarding what would constitute “reasonable security” for lawyers.
Chairs Teppler, Zemel, and Vice Chair Ioannis “John” Giantsidis come equipped with tech industry certifications and a rare talent for translating jargon. They are eager to continue working with the committee to generate resources that will be quickly shared with the rest of us. Speaking of sharing resources, the committee is also studying the feasibility of an online repository for breaking news that would warn Florida Bar members about emerging cybersecurity threats. The committee directed Bar staff to explore the potential before developing a formal proposal.
The White House recently announced that 40 countries in a U.S.-led alliance will sign the “International Counter Ransomware Initiative.” They pledged never to pay ransom to cybercriminals and to cooperate in efforts to eliminate funding for cybercrime networks. In a virtual press conference, U.S. Deputy National Security Advisor Anne Neuberger said the U.S., with 46% of all known ransomware attacks, is by far the most frequent victim. The cybersecurity committee applauded the new agreement by the U.S. and foreign allies, a strategy long backed by the FBI to financially starve global crime networks.
Cybersecurity experts warn that lawyers, especially solo and small-firm practitioners without their own IT departments, face a constant threat. Bad actors see the legal profession’s trove of sensitive client data as dollar signs.
There are no simple answers for a Florida lawyer facing a cyber ransom demand, especially when paying runs the risk of violating sanctions enforced by the U.S. Treasury Department’s Office of Foreign Asset Control. It’s just one of many issues the Cybersecurity & Privacy Law Committee intends to explore.
We can’t control the changing global cybersecurity landscape but we can help you prepare for an attack. The committee was created to educate lawyers and staff to recognize threats, help understand your ethical duties, develop robust backup systems, as well as create and practice a plan in case your security has been breached. Hope for the best and prepare for the worst, like for a hurricane. We can’t control the weather but we can buy a fan and a flashlight in case the electricity goes out.
As we embark on a new year, it’s imperative that Bar members are equipped with the best tools to serve their clients and maintain an ethical and successful practice. Let the committee help you keep ahead of the cybersecurity curve and your ethical duties. Stay informed!
P.S. The Free Trust Accounting with Nota is live! Please register at www.trustnota.com/TheFloridaBar and you will be contacted to schedule your onboarding session!
