NC State Bar Rolls Out Cybersecurity Self-Assessment

by | Jan 7, 2025 | legal matters

“There is no correct answer to the questions, ‘How much cybersecurity does my law firm need?’ or ‘How much should I spend on cybersecurity?’ There is no one size fits all,” said Peter Bolac, the new executive director of the North Carolina State Bar.

The State Bar and Lawyers Mutual have developed a free Cybersecurity Self-Assessment designed to help lawyers and law firms evaluate and strengthen their cybersecurity protocols. Bolac spoke with me about the project.

PB: The Cybersecurity Self-Assessment is a series of relatively broad questions in areas regarding budgeting, hiring and staffing, basic safe security protocols, and standards and procedures. It lets lawyers answer these questions and then provides tailored resources such as checklists, videos and handbooks from vetted sources. Based on their answers to the questions in the assessment, lawyers can continue to learn and improve their practices. For example, a lawyer who scores low on questions pertaining to disaster planning would be provided with guides to disaster planning and incident response.

The State Bar requires one hour of technology CLE for lawyers every reporting period. Continuous learning in this area is necessary. It’s essential to a lawyer’s practice. Lawyers who complete the self-assessment receive one free hour of technology training CLE credit.

AALM: Is the State Bar considering adopting minimum cybersecurity requirements for law firms?

PB: We have an ethics opinion about using software as a service that includes guidance on a lawyer’s duty of competence in technology and cybersecurity, but we don’t set minimum security requirements because it can create a false sense of security when the risks are constantly changing. In this area, we’re forced to go back to the classic lawyer phrases of “reasonableness” and “due diligence.” As much as lawyers would prefer that we give them “if you do this, you’ll be OK,” there is no one-size-fits-all answer to that question. Law firms have different industry-specific requirements and hold different kinds of sensitive data. Therefore, what might be enough security for one law firm might not be sufficient for others. This assessment gives lawyers the resources to help them make those decisions.

At a minimum, lawyers must stay abreast of changes in the cybersecurity laws and changes in the specific technologies relevant to their practice.

AALM: A 2023 ABA survey reported that 80% of respondents have one or more policies governing technology. That means a lot firms are still not addressing cybersecurity.

PB: Hiding your head in the sand is no longer acceptable. Claiming ignorance is not going to work. We’ve all been targets. The State Bar in 2019 was the subject of a ransomware attack. It’s happening everywhere. Law firms are a constant target because of the sensitive information that they are holding. The industry uses the phrase “it’s not if, it’s when” in terms of cyber-attacks, and lawyers need to be prepared.

Complete the self-assessment at https://ncsb.avvy.pro/. Complete the 1 CLE credit request form at
https://forms.office.com/g/BBPThxLZ1g.

The post NC State Bar Rolls Out Cybersecurity Self-Assessment appeared first on Attorney at Law Magazine.