Attorney ethics rules require 
                   “reasonable efforts” but 
                   data breach statutes 
                   typically have more teeth 
                   Protect yourself by 
                   implementing basic security            TAKEAWAYS
                   steps such as encrypted 
                   email and good passwords
                   Prepare a plan for when an 
                   inevitable breach happens
                     DEFINITIONS
                     •  RANSOMWARE IS A FORM OF MALWARE DESIGNED TO ENCRYPT FILES ON A DEVICE, RENDERING ANY FILES 
                        AND THE SYSTEMS THAT RELY ON THEM UNUSABLE. MALICIOUS ACTORS THEN DEMAND RANSOM IN 
                        EXCHANGE FOR DECRYPTION.
                     •  SPEAR PHISHING IS AN EMAIL OR ELECTRONIC COMMUNICATIONS SCAM TARGETED TOWARDS A SPECIFIC 
                        INDIVIDUAL, ORGANIZATION OR BUSINESS.
                     •  VPNS ENCRYPT YOUR INTERNET TRAFFIC AND DISGUISE YOUR ONLINE IDENTITY. THIS MAKES IT MORE 
                        DIFFICULT FOR THIRD PARTIES TO TRACK YOUR ACTIVITIES ONLINE AND STEAL DATA.
                     •  SSL ENCRYPTS THE DATA BEING TRANSMITTED SO THAT A THIRD PARTY CANNOT "EAVESDROP" ON THE 
                        TRANSMISSION AND VIEW THE DATA BEING TRANSMITTED. ONLY THE USER'S COMPUTER AND THE SECURE 
                        SERVER ARE ABLE TO RECOGNIZE THE DATA. 
                     •  CLOUD COMPUTING IS THE DELIVERY OF DIFFERENT SERVICES THROUGH THE INTERNET. THESE RESOURCES 
                        INCLUDE TOOLS AND APPLICATIONS LIKE DATA STORAGE, SERVERS, DATABASES, AND NETWORKING. 
                 LAW FIRM DATA BREACHES
                 •  LAW FIRMS ARE GENERALLY TARGETED                              •   29% OF LAW FIRMS EXPERIENCED A DATA 
                    FOR TWO REASONS:                                                  BREACH, ACCORDING TO THE 2020 ABA 
                 •  FIRST, THEY STORE AND USE HIGHLY                                  CYBERSECURITY REPORT. ADDITIONALLY, 
                    SENSITIVE CLIENT INFORMATION WHILE                                21% OF RESPONDENTS WERE UNCERTAIN 
                    OFTEN USING INFERIOR SAFEGUARDS                                   WHETHER THEIR FIRM EXPERIENCED A 
                    COMPARED TO THE CLIENT                                            BREACH.
                 •  SECOND, THE INFORMATION LAW FIRMS                             •   36% OF FIRMS WERE INFECTED WITH 
                    HOLD IS OFTEN MORE USEFUL AND                                     VIRUSES, SPYWARE, AND MALWARE. 26% 
                    LESS DIFFICULT TO PARSE THROUGH                                   OF FIRMS WERE UNAWARE WHETHER 
                    FOR HACKERS                                                       THEY WERE INFECTED.
                                                                                  •   HIGH PROFILE DATA BREACHES
                                    In 2018, Hiscox learned of a 2016 data breach of 
                                    its law firm, Warden Grier
                                    Warden Grier did not notify Hiscox themselves
                                    Hiscox asserted four claims: Breach of contract, 
   HISCOX V. WARDEN GRIER:          breach of implied contract, breach of fiduciary 
   AN ILLUSTRATIVE EXAMPLE          duty, and negligence
                                    The case is currently at the Summary Judgment 
                                    stage after the contract claims were voluntarily 
                                    dismissed
                                    Warden Grier argued it paid the ransom
                  Destruction or loss of files
                  Costs for repair fees
                  Downtime and loss of billable hours
   DATA BREACH 
   CONSEQUENCES   Temporary loss of network access
                  Loss of website access
                  Replacement of hardware and software