If you’re familiar with my column you know that I have been urging lawyers to learn about — and use — technology for over a decade now. I always stress how important it is for lawyers to educate themselves about the technologies available for use in their law practice and to make informed decisions regarding which tools to invest in for the long haul.
The reason it’s so important for lawyers to understand technology is because it has a direct impact on both the practice of law and the business of running a law firm. For example, cloud computing used to be viewed with skepticism and distrust. But no more. Because cloud-based software singlehandedly made it possible for the legal profession and courts to continue to function throughout the pandemic, it’s now a commonplace technology that is used in law firms across the country.
The increased use of cloud-based technology is a positive trend for any number of reasons, not the least of which is that it protects law firms from ransomware attacks. This is because law firm data stored in the cloud is housed on servers located offsite; as a result the servers — and the data stored on them — are protected from ransomware attacks.
These types of cyberattacks occur when bad actors are able to install malware on a law firm’s in-office systems, oftentimes by exploiting a vulnerability caused by a failure to install necessary software updates. When that malware is activated, all data stored on a law firm’s on-premises servers can be locked up and held hostage for ransom. Meanwhile, any and all law firm data stored or backed up in the cloud will be immune from the attack since the data is not stored on the hacked premises-based servers.
So if your law firm isn’t using cloud-based software to house or backup its data, it should be. If you’re still not convinced, perhaps a recently proposed New York Senate Bill will do the trick. In May, Senate Bill S6806A was introduced in the New York State Senate by Sen. Diane J. Savino (D-Staten Island). This bill “prohibits governmental entities, business entities, and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.” Presumably the goal is to deter would-be criminals from engaging in ransomeware cyberattacks by removing the incentive: the ransom.
However, the bill has the practical effect of precluding businesses that are victims of a ransomeware attack from complying with the ransom demands. So, if this bill is enacted and your law firm is a victim of a ransomware attack, any law firm data stored on your firm’s hacked in-office servers will be lost since you will be prohibited from paying the ransom required to get it back. On the other hand, under this same scenario, any firm data stored on the remote cloud-based servers will continue to be accessible, and your inability to pay ransom will be of no consequence.
Notably, three other states are considering similar legislation, but under those bills only taxpayer or state funds will fall under the ransomeware payment ban.
The key takeaways for lawyers are twofold. First, make sure to regularly update any and all premises-based software and enact other cybersecurity measures, including training your employees to detect and avoid phishing and spoofing emails. Second, make sure to store your law firm’s data in the cloud. Not only will your firm enjoy the benefits of 24/7 convenient, secure, and flexible access to law firm information, the data will also be protected from ransomware attacks.
So if your firm isn’t already using cloud-based software, what are you waiting for? There’s no time like the present to make this important transition to the cloud.
Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase legal practice management software. She is the nationally recognized author of “Cloud Computing for Lawyers” (2012) and co-authors “Social Media for Lawyers: The Next Frontier” (2010), both published by the American Bar Association. She also co-authors “Criminal Law in New York,” a Thomson Reuters treatise. She writes regular columns for Above the Law, ABA Journal, and The Daily Record, has authored hundreds of articles for other publications, and regularly speaks at conferences regarding the intersection of law and emerging technologies. She is an ABA Legal Rebel, and is listed on the Fastcase 50 and ABA LTRC Women in Legal Tech. She can be contacted at [email protected].