
How to Educate Yourself in an Increasingly Digital World

Lauren D Godfrey, Julie Hess, and Jacqueline Leahy


Opportunity is knocking, and threat actors are taking full advantage. With numerous individuals working from home due to the pandemic and an increasing number of devices being used for remote access, the number of ways a threat actor can infiltrate someone’s digital environment has grown exponentially. Suffice it to say, the threat actors have taken notice. Cybercriminals are thoroughly enjoying this wide-open digital playground and have become substantially more creative and bold in their efforts. It is, therefore, no surprise that cyber incidents are on the rise. To make matters more challenging, preventing a cyberattack and predicting when and where one may occur are next to impossible.

No one is safe from these unwanted intrusions, and no one can tell where they will strike next. Consequently, with nothing off-limits for these bad actors, every area of legal practice is affected as attorneys attempt to address client concerns over protecting sensitive personal information and prepare them for when it is inevitably compromised.

Data Security Breach Implications

With all different types of companies having the potential to become victims of a cyberattack, all facets of legal practice must know how such attacks could threaten clients.

Companies must protect the information residing on their systems. It is also imperative that a client who contracts with third parties consider how those third parties will handle a breach of their own systems, as this, too, poses a risk to the client’s data. For example, a mandatory reporting clause that sets a time frame for the client to receive notification, and defines the level of participation the client can have in the investigative process, enables the client to remain aware of the status of its data at all times.

As another example, merger and acquisition agreements are affected because no entity wants to find itself liable for another company’s data breach incident. Requesting disclosure on a company’s digital environment, asking for information about any previous data security incidents, and discussing remediation efforts can help a client avoid liability in the future.

It is easy to see how, as more people conduct business online with a potentially global audience, the implications of a data security breach expand internationally.

Cybersecurity Education

Knowing that a client will have a data security incident at some point, becoming educated in the cybersecurity arena is undeniably beneficial. It is also helpful to become sufficiently familiar with the issues to spot the trouble areas (i.e., data sets, notification timelines, and referral to a specialist if needed). To that end, there are numerous certifications available to help navigate through these digital waters.

Data Privacy Certifications

Certifications on data privacy are available from organizations including the International Association of Privacy Professionals (IAPP) and the International Information System Security Certification Consortium (ISC²).

IAPP Certification Offerings

IAPP offers certifications specific to privacy laws in different areas of the world.

  • CIPP/A, CIPP/C, and CIPP/E Certifications: These focus on privacy laws across Asia, Canada, and the European Union.
  • CIPP/US Certification: This certification covers data breach notification laws and sector-specific privacy laws, including HIPAA and GLBA. It also touches on telecommunications laws and privacy requirements during the employment process.
  • CIPM Certifications: These certifications are for individuals who manage privacy organizations in their daily work. 
  • CIPT Certifications: These certifications are for technical professionals taking on more privacy responsibilities.

While CIPP certifications focus more directly on privacy laws, CIPM and CIPT certifications may be appropriate for lawyers with management responsibilities at their firms.

ISC² Certification Offerings

ISC² offers the CISSP, SSCP, CCSP, and HCISPP certifications.

  • Certified Information Systems Security Professional Certification: The CISSP certification focuses on developing, implementing, and managing cybersecurity programs.
  • Systems Security Certified Practitioner Certification: The SSCP certification focuses on security administration and operations.
  • Certified Cloud Security Professional Certification: The CCSP certification focuses on cloud security.
  • Healthcare Information Security and Privacy Practitioner Certification: The HCISPP certification focuses on best cybersecurity practices in healthcare.

Which of these options is most appropriate for you will depend on your area of practice, professional responsibilities, and level of interest in privacy issues.

Remote Work Makes Awareness Crucial

Awareness of data privacy and cybersecurity issues has become more urgent throughout the pandemic as lawyers have increasingly relied on remote access to perform legal work. Certifications such as those listed above offer lawyers paths to educating themselves about these risks and the possible legal repercussions of breach incidents for clients.

Because law firms themselves are not immune from cyberattacks, these certifications also offer lawyers ways to arm themselves and their practices against these modern threats to confidentiality.
