FCBA Site's Hacking Highlights Importance of Cybersecurity for Lawyers, Experts Say
A recent hacking of the FCBA’s website underscores the importance of lawyers improving their cybersecurity, said industry attorneys and security experts during an FCBA event Monday. Lerman Senter attorney Deborah Salons, a member of FCBA’s Privacy and Data Security Committee, said she discovered Thursday that FCBA’s website was hacked after a friend alerted her. FCBA’s standard website had been replaced by images and music indicative of a connection with the terrorist group ISIS, though there’s no official confirmation that ISIS or an affiliate was responsible for the incident, Salons said. It’s likely the attack isn’t attributable to ISIS but instead to a group “just spreading the word,” said Wade Woolwine, cybersecurity firm Rapid7 manager-strategic services.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Salons said she quickly notified FCBA Executive Director Kerry Loughney about the cyberattack and they subsequently called in Rapid7 to mitigate the attack’s effects. FCBA was able to quickly get its website restored and similar hacking incidents “are not uncommon,” Woolwine said. Salons said she was concerned the cyberattack would expose FCBA members to malware that had the potential to endanger member attorneys’ confidential records, something that didn’t turn out to be the case in the FCBA incident. But the attack showed “these things can happen,” Salons said. “You don’t think they can happen to you, but they happened to the FCBA.”
Incidents like the attack on FCBA “happen to everyone” and victimized websites are typically targeted randomly by automated systems, said Heather West, head of CloudFlare’s public policy division. Everyone in the legal profession “needs to be thinking about this stuff in a far deeper way than they have been,” West said. Although many industries need to deal with cybersecurity more seriously, it’s especially important for lawyers to up the ante because they “have a particularly interesting set of information that folks would really love to get their hands on,” she said. The legal community ranked as the seventh-most vulnerable industry in Cisco’s 2015 annual security report and 80 percent of the 100 largest law firms have reported experiencing a data breach, West said.
The risk of data breaches touches many of the American Bar Association’s ethics rules, particularly those on maintaining the confidentiality of client records, said Pepper Hamilton lawyer Hope Comisky. A lawyer isn’t supposed to reveal information on his representation of a client unless the client provides informed consent, and is bound to protect confidential information, Comisky said. The ABA adopted amendments to its ethics rules in 2012 that require lawyers to make “reasonable” efforts to protect confidential client records from data breaches and to inform clients about the risks of technology. Sensei Enterprises Vice President John Simek urged lawyers to institute cybersecurity measures beyond basic levels, including encrypting all data on their office computers and instituting two-step logins where possible.