Legal news and trends for Canadian in-house counsel and c-suite executives
Issue link: https://digital.canadianlawyermag.com/i/1132207
JULY/AUGUST 2019 6 INHOUSE News Roundup N early nine in 10 Canadian lawyers plan to increase cybersecurity re- sources within their firms in order to keep sensitive data safe from breaches, which is a growing concern for the profes- sion in 2019, recent statistics show. Robert Half Legal conducted a survey asking more than 150 full-time lawyers in Canada if their law firm plans to "increase or decrease its budget on cybersecurity- related tools and services in the next 12 months," and 87 per cent of those surveyed say they plan to either slightly or signifi - cantly increase these resources. "Considering the high volume of person- al and sensitive information they maintain, law firms and law departments recognize they are a particular target for cyberat- tacks," says lawyer Charles Volkert, senior district president at Robert Half Legal. "In the wrong hands, this valuable and con- fidential information could prove costly to any organization and cause irreparable damage to their brand and reputation, not to mention the fact that if a law firm loses a client's confidential data to an attack, it could face serious legal and ethics violations as well." The report found that 34 per cent of law - yers plan to significantly increase their bud- get on cybersecurity-related tools and servic- es, 53 per cent say the budget will somewhat increase, 11 per cent say it'll neither increase nor decrease, zero per cent say it'll decrease and two per cent say they don't know. In the similar 2017 version of the survey, only 35 per cent of lawyers had answered that they were looking to increase cyber - security budgets and measures — that's roughly 52 per cent fewer respondents than what's currently reported. Cybersecurity resources are both hu- man-based and technology-based. For in- stance, a firm might hire extra IT staff and cybersecurity consulting experts to assist in this area, as well as providing staff with cyber-awareness training as a learning op- portunity. Additionally, firewalls, threat- monitoring and detection, ongoing security assessments and encrypted email transmis- sion are some technological defences to pre- vent data breaches. It's imperative that firms work closely with IT departments and other consultants, in conjunction to having tech-based solu- tions, he says. At Torkin Manes LLP in Toronto, part- ner Lisa Lifshitz says the firm's clients de- mand bolstered security, given that lawyers are often the targets of data breaches due to the confidential nature of their work. "In my mind, [cybersecurity] is part of doing business in 2019," says Lifshitz. Ensuring external vendors secure their data is top of mind at her firm. She says it's the firm's responsibility that the external Nearly nine in 10 lawyers aim to increase cybersecurity resources, survey states vendors used are cognizant of cybersecurity threats and that the products and services Torkin Manes procures have the required protections. This due diligence is sought by clients, and it ultimately impacts the firm's bottom line. By law, firms cross-country are subject to the Canadian privacy regime, includ - ing the Personal Information Protection and Electronic Documents Act. The push for these protections might also come from other global efforts, such as the European Union's General Data Protection Regula - tion or the California Consumer Privacy Act, which are examples of laws placing onus on companies to protect consumers' personal information. "Legal organizations are required to take stewardship to maintain GDPR compli - ance, ensure appropriate collection, pro- cessing, storage and sharing of data during e-discovery, develop and monitor policies, practices and systems for ongoing confiden- tiality, integrity, availability plus resiliency," says Volkert. In-house counsel also play a "critical and expanding" role in maintaining these stan- dards for their organizations, he adds. They need to monitor ongoing legal compliance within the company, with departments such as human resources, marketing, IT/secu- rity/privacy and other business specialists to optimize the security of sensitive data, and brace themselves for potential attacks. Although the survey suggests few to no firms refuse to adopt cybersecurity mea - sures, Lifshitz says some reluctance might be present for smaller firms or those that don't possess the budget for digital protections. Data breaches cost firms enormous amounts of money; however, smaller op - erations might not always be able to afford the protections to prevent data breaches or scams from occurring. Perhaps, for more lawyers who are of the old-school mentality, cybersecurity isn't top of mind — but she says it should be. "You certainly can't pick up a newspaper or read news online without reading about a massive data breach or concerns caused by viruses. You can't help but see stories around this," says Lifshitz. "There's a ques - tion of connecting the dots to your organi- zation and your clients." IH Lisa Lifshitz says implementing cybersecurity measures to protect confidential data is part of doing business in 2019 BY ALEXIA KAPRALOS