Cyber Security in Legal Hot Topic at Roundtable

Salt Lake City—These days, cyber security is forefront in the minds of nearly every industry, and the legal industry is no exception. Representatives from over 20 local and national firms, as well as the Utah Attorney General’s office, gathered Wednesday morning at Holland and Hart’s downtown offices as part of Utah Business’ annual legal roundtable to discuss topics such as data security, local business development, financial matters and billing, pro- and low-bono work, and the future of law education in the state.

“In an era when everyone is trying to make their name as being the next WikiLeaks, the one place we don’t want them to find that information is through that client’s law firm,” said Lee Wright, president at Kirton McConkie. “We’re investing significant resources and time into our cyber security and data security. We also look to our director of IT to spearhead that, but it is a management issue. It’s something that needs to be observed from the very top. You can’t just push it to your IT guy and say ‘Make sure we’re protected.’ There’s a great deal of training that also needs to be put in place.”

Cyber security has evolved and continues to evolve daily as threats are no longer neutralized by simply telling employees not to send money to Nigerian princes, as Eric Maxfield, administrative partner for Holland and Hart put it. Law firms are targets for high-tech hacking and breeches due to the sensitive nature of the information kept by firms. Maxfield related the story of a firm that had been hacked and all its data taken ransom by an unscrupulous international hacker. The stakes, he says, have been raised so much higher than they ever have been before.

“We’ve gotten to the point where, not only have we taken on some of these measures that are offered, but our lawyers can’t use Gmail or Hotmail email addresses. We have a lot of requirements imposed by our banking clients, which are great structures to have,” he continued. “I think this is going to be an issue that law firms have to deal with for a long time. This isn’t going away.”

It’s an issue the state of Utah takes seriously, said Attorney General Sean Reyes. Even well-meaning employees can accidentally put their firms at risk when a hacker is crafty enough. Reyes mentioned that Frank Abagnale, Jr., a con-man turned American security consultant (perhaps best known for his life story in the movie Catch Me if You Can), will sometimes illustrate his point by fooling Fortune 50 company employees into picking up planted jump drives and putting them into their work computers to see who they belong to. When the jump drive’s contents immediately seize the computer, Abagnale’s message is clear: well-meaning motions, like checking to see whose lost jump drive you found, can cost your company millions.

“As things make us ever more connected, think about all the more vulnerabilities and points there are. I applaud Utah firms for being out in the forefront. I’ve seen firms become leaders in this space, and compete on a national and international level, because this is such a critical issue,” said Reyes, who said his office is working with the FBI, SEC, and other entities to keep citizen data safe. “Public servants are working hard in this area to keep Utah on the cutting edge, to protect everyone.”

But the truth is that high-tech malware or shady hackers aren’t always the way security is being threatened. Careless motions like leaving sensitive documents by a printer, dropping a file on a train or having a conversation on a crowded elevator can be just as foolish as picking up that lost jump drive.

“What I’ve found is it’s the low-tech ways that people manage to get information from you is easier and scarier,” said Shantelle Argyle, executive director of Open Legal Services, who mentioned that people don’t care when their Uber driver hears them talking, or when they become loose-lipped at bars. “Be careful who you’re sending a text message to. We’ve had discovery breaches because they’ve sent it to the wrong email account. It was a counsel on a different case. Just having HR training is really important, because yes, someone can hack your system—but someone can just sit next to your paralegal at lunch.”

The roundtable was moderated by Angelina Tsu, VP, legal counsel, at Zions Bancorporation. Read the full discussion from the legal roundtable in the Utah Business June edition.