View more from News & Articles or Primerus Weekly

From the President's Desk

Firms need to keep up their guard in cybersecurity realm

Hardly a week goes by without a news flash about a corporate titan, governmental entity, or philanthropic organization that has been victimized by a cyber-attack, causing massive data breaches that can spread damage faster than a wildfire on a bone-dry summer day.
In today’s digital world, it is akin to a technological twist on the old saying that a lie can travel halfway around the world while the truth is still putting on its shoes.

Which is a chief reason why cybersecurity has become a global growth industry over the past decade and one of the primary concerns for those who possess sensitive personal and professional information.

The risks can be especially great for law firms, which by their very nature deal with some of the most important and confidential information in the business marketplace. The pervasive threat posed by computer hackers is now a 24/7 sort of reality for law firms big and small, as they try to install safeguards to avoid the potentially catastrophic cost of downtime, lost revenue, and the long-term reputational damage to a business and its brand.

Hackers, not surprisingly, are an enterprising and insidious bunch, some acting individually in the dark regions of the web while others work their technological evil as part of well-organized groups backed by nation-states.

Wherever hackers reside, collectively they comprise an organized crime family bent on accessing, changing, or destroying data in an effort to extort money and to disrupt normal business operations. In short, they are a menace that can bring a business to its knees unless a strong cybersecurity strategy is in place to thwart their illegal intrusions.

President John C. Buchanan

As a former FBI director said several years ago, “Cyber-crime blows away all concepts of time and space and requires us to shrink the world just as the bad guys have. As law enforcement officials, we need to treat internet crime just as seriously as a criminal kicking in your door and stealing your belongings.”

In response to the ever-growing threat, the Primerus™ Board of Directors in March approved a Cybersecurity Initiative designed to establish a set of industry standards that member firms must achieve in order to ensure data privacy protection for its clients.

The comprehensive program was the by-product of nearly two years of work by the Cybersecurity Subcommittee of the Primerus™ Quality Assurance Board, which recommended a series of 11 measures to plug data security gaps and to protect critical information systems without sacrificing authorized accessibility and the user experience.

Our own “11-step” program will be divided into two phases with the first six cybersecurity requirements to be met by each member firm by September 15 of this year, while members will be asked to comply with the second set of measures by the same date in 2024.

More information about the program is contained in a letter sent to each member firm in April, while additional details are available in a Primerus™ video hosted by Ken Rashbaum of Barton, LLP in New York and Johannes Struck of Brödermann Jann in Hamburg, Germany. The video, as well as a list of answers to “Frequently Asked Questions,” are available on the Primerus™ website.

Accordingly, we owe a special debt of gratitude to all those from the Quality Assurance Board – led by Chairman Marc Dedman – and the Cybersecurity Subcommittee for their excellent work in developing the new policies that form a “best practices” approach to data security challenges. Those involved in the effort include many of the finest legal minds in the profession and possess the insight and expertise to help us develop a strategy that has layers of protection to defend against cyber-attacks.

Chairman Dedman, a partner with Barton LLP, said as much in the April 14 letter, noting: “Significant analysis was undertaken by the Subcommittee, which assessed both client needs and expectations as well as how Primerus™ firms can differentiate themselves from competing non-Primerus™ law firms.”

As noted in the letter, input for the initiative was “provided by Primerus™ members from around the world and underscored the importance of letting clients – and potential clients – know that Primerus™ member firms are able to represent them with a level of cybersecurity not matched by most other law firms in the world,” according to QAB Chairman Dedman.

Evidence of that fact is our pledge to assist member firms with the compliance process, providing a list of law firms, IT specialists, and other valuable resources to formulate cybersecurity policies and procedures for your protection.

The list is in the process of being assembled now, and we invite member firms to contact us if you specialize in such legal work so that you can be considered for approval. We also welcome your recommendations on those who are qualified to handle this type of cyber work or companies that possess the IT skills and knowhow in this burgeoning area.

Please contact Katie Bundyra, Senior Vice President of Member Services for Primerus™ at kbundyra@primerus.com, to express your interest in being included in the list or with your recommendations.

Assuredly, one of the Primerus™ firms that will be listed is Barton LLP. The firm recently sent out a brochure to Primerus™ members outlining the cybersecurity services it provides. In doing so, Barton, LLP may have unintentionally offered the impression that Primerus™ was endorsing its firm over other worthy legal options in the Primerus™ community. Clearly, we would not demonstrate any sort of favoritism in that regard, remaining true to our mission of promoting the value of Primerus™ as a singular and indivisible unit.

Teamwork is at the heart of Primerus™, as is our desire to remain impartial when member firms’ market and promote their legal services. No matter the size or location of the firm, we believe in treating each Primerus™ member fairly and equally, adhering to an evenhanded approach for the good of all concerned.

That is our promise to each of you, one that you can confidently bank on over the long term.

Best regards,
Jack Buchanan, President