Cybersecurity training will be compulsory for lawyers in some U.S. states

Information security is no longer an issue where only experts need to stay updated. The New York State Bar Association (NYSBA) House of Delegates approved a proposal for attorneys in this region to complete cybersecurity training courses as part of the Continuing Legal Education (CLE) requirements they must meet.

This proposal originates after the Technology and Legal Profession Committee submitted a report on the cybersecurity risks that legal firms currently face.

Approval of this proposal could take place before October, which would be a good sign of New York lawyers’ commitment to the safety of legal service users. It should be remembered that legal firms that store confidential information of their customers and employees in electronic means must ensure adequate protection of this data, which involves the constant training of their IT staff, for compliance with the New York State Stop Hacks and Improve Electronic Data Security (SHIELD) Act.

Experts say cybersecurity threats to legal firms have increased considerably. In an investigation published in the New York Law Journal, the Committee notes that the number of computer security incidents affecting law firms has increased by 100% compared to 2018.

Security incidents could increase due to the pandemic, as multiple firms have turned to work from home, largely depending on remote communication platforms and making their employees more vulnerable to cyberattacks.

In addition to applying for legal firms and law firms, the SHIELD Act also applies to any individual or company that owns or licenses computerized data from New York residents. To comply with the Act, companies and individuals must develop, implement and maintain reasonable security mechanisms to protect the safety of their users.

Legal professionals are in continuous work with sensitive and even confidential information, which is why the guild has begun to consider cybersecurity training as a way to protect private information from any incident that could compromise its integrity. In addition, under the New York Professional Conduct Rule, attorneys must make any reasonable effort to prevent inadvertent or unauthorized disclosure or use or unauthorized access to the information they work with, so this proposal is, in practice, a new way to enforce state law.