Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
When the average person opens their email account and starts scrolling through new messages, one wrong click on a suspicious link can allow phishing scammers to obtain access to that person’s personal and financial information.
At a law firm, that same cybersecurity breach could expose a client’s intellectual property or privileged attorney-
client information.
So, in the post-COVID world of remote work, firms and their clients are continuing to beef up their cybersecurity efforts to ensure their data and communications are safe.
According to the American Bar Association’s 2022 Legal Technology Survey Report — which combines data from the annual Legal Technology Survey Report with expert analysis, observations and predictions from leaders in the legal tech field — 75% of all respondents reported having some sort of cybersecurity training at their firms.
Still, in response to the survey question, “Has your firm ever experienced a security breach (e.g., lost/stolen computer or smartphone, hacker, break-in, website exploit)?”, 27% of respondents answered yes.
A security breach doesn’t necessarily mean a data breach, the survey noted, but the point was still clear: Law firms need to take cybersecurity matters seriously not just for themselves, but for their clients’ IP.
Security efforts
At Quarles & Brady LLP’s Indianapolis office, the firm has stepped up its game and put into play several safety measures to make sure its communications with clients are protected.
“We are using security strategies including defense in-depth micro-segmentation, privileged account access, ethical walls and multifactor authentication to protect the firm and its clients,” said Rich Raether, Quarles’ chief information officer, who is based in Milwaukee.
Joel Tragesser, partner in Quarles’ Intellectual Property Practice Group and the firm’s Indianapolis office managing partner, said in general, clients are concerned about the cyber safety of their personal information and intellectual property.
To that end, many clients are reviewing their cybersecurity policies, Tragesser said. Some have even retained security experts to advise them on how to upgrade their systems and on data protection in general.
In the firm’s Indianapolis office, Tragesser said he undergoes security training to ensure his workflow processes to and from clients are secure and result in no data breaches. He also completes regular training modules, including reviews of the firm’s information security policies.
Additionally, Quarles utilizes technology to flag possible phishing scams and malware. Tragesser said he usually flags a suspicious message in his inbox two to three times a week.
Heather Buchta, chair of Quarles’ Intellectual Property Practice Group in Phoenix, said attorneys at the firm are reminded not to open suspicious emails and to report anything unusual to the IT department.
“Hackers know how to look for the weakest link,” Buchta said.
Intellectual property at risk
Indianapolis-based attorney Paul Overhauser heads Overhauser Law Offices LLC. In his experience, Overhauser said there continues to be a growing number of patent applications filed in the United States, putting IP issues directly in the crosshairs of cybersecurity risks.
There were an estimated 73.7 million active trademark registrations worldwide in 2021 — up 14.3% from 2020. That included 37.2 million in China, 2.8 million in the United States and 2.6 million in India, according to the World Intellectual Property Organization.
Patents in force worldwide grew by 4.2% to reach around 16.5 million in 2021, according to WIPO data. The highest numbers were recorded in China, with 3.6 million, the U.S., 3.3 million, and Japan, with 2 million.
As the demand for IP protection grows, Overhauser said he’s read articles about law firms being more frequently targeted by phishing and other suspicious emails. That’s meant more questions from clients about efforts to protect their IP.
“It’s not unusual to get a call from a client and they say, ‘I’ve got an idea and I want to protect it,’” Overhauser said.
There are the basic legal maneuvers that clients employ to protect their inventions, such as confidentiality agreements — which Overhauser has been asked to sign — and/or nondisclosure agreements, which outside contractors like designers or engineers are asked to sign.
But there are also cybersecurity concerns, Overhauser said. To that end, he recently purchased an improved firewall to protect his and his clients’ information.
Using technology to safely communicate, share information
At Quarles, Tragesser said his firm and clients are always looking for the safest ways they can share information securely with each other. That means going beyond email and using tools like ShareFile or similar products to protect communications.
Post-pandemic, Tragesser said he’s noticed more codes and authenticators in use at his office.
“That second level of verification has increased,” he said.
Also, local bar associations have offered seminars to boost awareness about cybersecurity and protecting data and communications, he added.
From Buchta’s perspective, security concerns have increased in general among attorneys in recent years — something she attributes to the increasing sophistication of hackers.
She said she is wary of even having an Amazon Alexa device at home, due to concerns over communications potentially being compromised.
“I’m a data privacy lawyer,” she said. “I refuse to have one of those devices in my house.”•
Please enable JavaScript to view this content.