As breaches of cybersecurity occur with increasing frequency throughout society, from Yahoo to the Democratic National Committee, bar associations find themselves with two missions: to protect their own data, which contains confidential information about their members, and to advise those same members on how they should protect their own data—especially that which contains confidential client information.
The focus on security has hit home particularly for those bar associations that in recent months learned that their members were receiving fake emails purporting to be from the bar, and informing the lawyer that a disciplinary complaint had been filed. The emails, part of a phishing scheme, contained instructions to click on a link to learn about the specific charges. The links led to phony websites that then attempted to install malware.
The Oklahoma Bar Association was one of the bars whose members received such emails, and “the phones lit up” with calls from concerned lawyers, says Jim Calloway, director of the bar’s Management Assistance Program. OBA officials realized quickly what had happened, and within a short time sent an email to all members alerting them to the scam, and warning them not to click on any links, Calloway says.
Incidents such as the fake emails don’t necessarily mean that a bar’s defenses were breached, Calloway notes, adding that the OBA was not aware of any successful hacks. “There are all kinds of places on the ‘dark web’ where you can buy email lists, including those of certain professions,” he notes. “It all depends on how much you want to pay.”