Law Libraries and Cybersecurity

    •   

Caroline Young
Associate Director for Public Services,
The Center for Law and Justice Library
Rutgers Law School
Author, Legal Research and Law Library Management

On the heels of the recent indictment of three Chinese nationals for hacking into two U.S. law firms to obtain insider information, Legal Research and Law Library Management introduces a new chapter on cybersecurity. This chapter includes an analysis of best practices for law libraries, an outline of the role of law librarians in bolstering cybersecurity, and a cybersecurity preparedness checklist.

For years, the Federal Bureau of Investigation has been cautioning law firms that they are specifically subject to attack because they have sensitive data that if released could be devastating to clients that the firms represent.  The specific risk to law firms draws from their size. They have much larger bank accounts than individual consumers yet they are much smaller than most large companies and do not spend the money or do not have the infrastructure to put all of the right security measures into place. However, there is no doubt that breaches at law firms happen, and they occur much more than generally appreciated, although they are often not reported. In fact, one study found that 25% of law firms with more than 100 attorneys have had a security breach. Shockingly, the bulk of attorneys say that their firm has no data-breach response plan.

Understanding why cyberattacks attacks occur begins with understanding what hackers are looking for. The most common scenario is that hackers are not trying to find any specific piece of information. Rather, they randomly retrieve an enormous amount of data and then examine it to see what information is potentially valuable.

Since law firms, law libraries, and other organizations depend on their capacity to collect, access, and process huge amounts of electronic data (aggregated data) for operational efficacy, law firms and other organizations have taken on significant risks and responsibilities. For example, most law firms electronically store large amounts of extremely sensitive client information, employee records, and sensitive financial information about the firm, which makes them particularly vulnerable to hackers, causing serious financial, legal, and operational costs to the firm. 

With the dangers associated with holding huge amounts of electronic information come novel opportunities and security solutions. There are numerous potential roles for law librarians and legal information professionals in their institution’s cybersecurity plans that will allow them to partner with IT staff and other stakeholders. Some of the areas where law librarians and legal information professionals may be especially helpful are working with third-party vendors, educating and training other employees, and researching security options (e.g., software solutions, cybersecurity insurance, and the like).

Law librarians and legal information professionals are particularly well suited to aiding in the battle against cybersecurity threats in the following ways:
    • Upholding third-party vendor compliance with
       cybersecurity policies
    • Educating users about multiple devices and data access
    • Pinpointing the data that is most likely to be
       targeted or damaging if it is breached
    • Educating users about data encryption
    • Supporting and protecting password practices
       (research and software support)
    • Fine-tuning employee behavior policies
    • Training on cybersecurity rules
    • Researching cybersecurity liability insurance (research)
    • New threats: ransomware (ongoing research)

Click here to view product information about Legal Research and Law Library Management. Register and download Chapter 1 for free.

Additionally, Law Journal Press offers two related reference solutions, Information Security Law: Control of Digital Assets and Privacy Law. Not a subscriber? Take 15% off a new subscription to any of these 3 titles using promo code 510467. Promotion valid through December 31, 2017.

 

Cybersecurity Law & Strategy

 

Cybersecurity Law & Strategy
Monthly Electronic Newsletter: $445/year
www.LawJournalNewsletters.com
LEARN MORE

Latest developments, trends, cases, case studies in cybersecurity, data privacy, e-discovery, cloud computing and other legal technology.

“It’s not if you’re going to get hacked, it’s when.”

Data breaches, hacking and privacy concerns have been all over the news and present a dangerous proposition for companies that collect personal private information from customers. Law firms should be especially concerned as they possess clients’ personal information plus confidential information of corporate clients, including intellectual property/patent information.

Keeping clients’ data and information secure can be the difference in signing a client and avoiding malpractice claims if the data gets exposed. Law firms and corporations need to have a cybersecurity plan in place, as well as a plan to respond in case the data is breached.

Updated monthly with articles and analysis by experts in the field.

 

Massachusetts Legal Malpractice and Ethics

 

Massachusetts Legal Malpractice and Ethics
by: James S. Bolan and Sara N. Holden
Print + Online + eBook: $320
eBook + Online: $300
LEARN MORE

Navigate Massachusetts’ system of attorney regulation with this newest practice desk resource. Massachusetts Legal Malpractice & Ethics is comprised of two main parts: Massachusetts Bar Discipline and Legal Malpractice. Each section is further divided into subsections covering procedure, prima facie elements, defenses, seminal or noteworthy cases and commentary.

Part One, Bar Discipline, details both the investigative process and the prosecutorial process. Topics addressed include: Board of Overseers, Response to the Complaint, Diversion Program, Formal Charges, Possible Dispositions, Formal Proceedings, Discovery, Prosecuting the Petition, Review and Appeal and Proceedings Before Court. Also addressed are issues involving temporary suspension, disability inactive status, disbarment by consent, convictions, commissioners, costs and restitution, reinstatement and clearance letters.

Part Two addresses legal malpractice topics, including: Attorney-Client Relationship, Standard of Care and Proximate Cause, Damages, Expert Testimony, Other Claims (e.g., breach of contract, breach of fiduciary duty, negligent misrepresentation, fraud, interference with contractual relations), Defenses, and the Intersection Between Bar Discipline and Legal Malpractice.

James S. Bolan and Sara N. Holden are partners with Brecher, Wyner, Simons, Fox & Bolan in Newton, Massachusetts.

 

New York Employment Law

 

New York Employment Law
by: Daniel A. Cohen and Joshua Feinstein
Print + Online + eBook: $250
eBook + Online: $230
LEARN MORE

New York Employment Law provides a fresh and practical overview of relevant statutes and governing case law, explaining the interplay between state, local, and federal requirements. It identifies and follows path-breaking developments presently shaping this area of law.

Critical topics addressed include: the employment contract; common law duties of loyalty; restrictive covenants; wage and hour laws and ordinances, including minimum wage and overtime requirements; laws against discrimination based on characteristics such as race, sex, sexual orientation, disability, age, and religion; employee leave requirements; whistleblower laws; torts in the workplace, including employer liability to third parties and workers’ compensation; protected speech and privacy; reductions in force; and unemployment insurance.

New York Employment Law analyzes in detail key provisions of New York employment statutes, including the New York Labor Law, the New York State Human Rights Law, the New York False Claims Act, the New York Worker Adjustment Retraining Notification Act, and the New York Unemployment Insurance Law.

Daniel A. Cohen is Special Counsel to Walden Macht & Haran LLP in New York City. Joshua Feinstein is a partner with Hodgson Russ LLP in Buffalo, New York.

 

The Tools & Techniques of Trust Planning

 

The Tools & Techniques of Trust Planning
by: Michael Sneeringer and Jonathan Gopman
Print : $175
www.NationalUnderwriter.com
LEARN MORE

In contrast to academic trust publications that focus on the ramifications of various trust terms and deep case law analysis, this new resource provides a refreshing alternative: trending topics in trust planning.

Notably relevant to the new estate tax laws which re-define how trusts can be used in estate planning, The Tools & Techniques of Trust Planning provides: accurate information written from a distinctly practical standpoint; detailed coverage of Asset Protection Trusts; an important focus on popular topics that today’s advisors and attorneys face, such as special needs trusts for disabled individuals, marital trusts, and trusts that are useful in a divorce situation.

For professionals finding themselves in need of reliable tools and expert insights into up-to-date trust planning techniques, this resource covers: The Role of Trust Protectors; Marital Deduction and Bypass Trusts; 2503(b) and 2503(c) Trusts; Trusts and Divorce; Trust Amendments; Special Needs Trusts; S Corporations and Trusts; Grantor Retained Interest Trusts; and more.

 

 

 

Self-Register for IP Accounts – Get More From Your LJP Online Investment

 

For IP-based accounts, users can self-register for expanded access (mobile, tablet, access from home) and personalized features such as notes, bookmarks, and research folders.

How it works …

When users go to the url: www.lawjournalpress.com/group from within the IP range, they will be presented with a pop-up allowing them to register for a username and password they can use to access the content from a mobile or home device.

The username must match the domain of the IP account. So, if the main account is set up under deweycheatemhowe.com, the user is required to register using that same domain. Then, when users want to login from a remote device, they can simply hit the login button, enter the username and password; and check the group account tick box.

If users choose not to register, they can hit a “No Thanks” option and the pop-up will be repressed. The “No Thanks” option is cookie-based, so if users change computers or clean their history, the pop up will reappear.

The librarian/group admin still has access to the original group admin interface and can see who has registered; and retains the ability to add, remove, or modify the accounts.

If you don’t want users to self-register, let your account rep know and we will remove the feature from your account.

We are hopeful that this improvement will allow our IP account customers to get more out of their investment in LJP products.

If you have any questions about the new feature, or other product enhancements, please contact me directly, tknudsen@alm.com

 

 

 

Earn a $100 AmEx Card & Help Us Build a Better LJP Online

 

We are conducting diary studies of our users’ experiences using LJP Online. We need your input!

What you will be required to do:
Meet with the study coordinator briefly over the phone before and after the study, sign in and use the LJP Online application five times over the period of a few weeks. You will be given access to a Google spreadsheet where you will be asked to take notes on your experiences.

We want you to record what you logged into the site to do, and how you found the online experience, i.e., What was helpful? What was not? and Why?

If you are interested in participating, contact Tonya Knudsen at tknudsen@alm.com