Excerpt from the Hawai'i State Bar Association's E-Newsletter on Cybersecurity

A Message from Hawaii State Bar Association (HSBA) President?Jesse Souki

Aloha HSBA Members:

January flew by, and we are already more than halfway into February—Happy Valentine’s Day, and I hope your team did well in the Superbowl!

Unfortunately, you may have read the e-blast from HSBA regarding a phishing attempt using my name with a false email address. “Phishing,” according to the U.S. Federal Trade Commission, is when “scammers use email or text messages to trick you into giving them your personal and financial information.” Scammers use this approach to pry away personal information like bank accounts and social security numbers. This is not the first time this has happened, and it will not be the last, as scammers become more sophisticated and take advantage of new technologies like AI. However, we can protect ourselves. Read more about phishing here.?

Cybersecurity is a pernicious problem for firms and clients. According to a 2022 survey of 265 organizations by the Association of Corporate Counsel Foundation, “twenty-two percent of companies now employ an in-house counsel with responsibility for cybersecurity—up 10 percentage points since 2018.” And, “Damage to reputation (77 percent), liability to data subjects (61 percent), and business continuity (51 percent) are the most immediate concerns with regard to a data breach.” Read more here.?

The U.S. Cybersecurity and Infrastructure Security Agency has a webpage dedicated to lawyers with resources for responding to emerging cyber and infrastructure security threats. The site includes information regarding applicable regulations and technical approaches to uncovering malicious activity and mitigation steps according to best practices. Read more here.

David G. Ries wrote a helpful article entitled, Cybersecurity for Attorneys: The Ethics of Securing Your Virtual Practice, in the American Bar Association (ABA) Law Practice Division’s periodical, Law Practice Today. Ries references ABA Formal Opinion 477R, Securing Communication of Protected Client Information, which recognizes hacking and data loss in terms of not “if” but “when” it happens. Opinion 447R notes that law firms are targets of hacking and data loss, because “they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client,” and “the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.”

Aside from phishing, Ries lists other cyber threats, including “spearphishing, ransomware, business email compromise, supply chain/third-party compromises, and lost and stolen laptops, smartphones, and portable devices.” The article surveys lawyers’ ethical and common law duties to take competent and reasonable measures to safeguard client information. In short, Ries recommends “designing, implementing, and maintaining an appropriate risk-based cybersecurity program.”

HSBA has offered CLEs on cybersecurity from time to time. One CLE available online is Protect Your Firm From Catastrophic Cyber Attacks, presented by Tom Kirkham, Founder and CEO of IronTech Security. You can watch it at your own pace.

Keep yourself, your family, and your clients safe by keeping up with cybersecurity issues. Mahalo and stay safe.

Note: HSBA's collection of E-Newsletters can be perused at the HSBA Communications webpage.