Every Internet user must be cautious when transmitting personal or confidential information over the Internet. Hackers have gotten savvy and continuously think of new ways to access confidential information. Recently, hackers have developed a way to send Apple iMessages notifying users that they have been logged into another Apple device. The message will indicate the type of phone the user has, so the user thinks it was him or herself who logged onto their own Apple device. The goal of a phishing scheme like this one is to get the user to confirm that it is their Apple account by typing in their Apple ID or other personal information. Users have to be wary of this because so many of the hacking tactics look legitimate.
One way to tell if the email is coming from a hacker is to click on the sender information. If the sender’s information does not look like it came from Apple, forward the email or iMessage to reportphishing@apple.com immediately. Even if it ends up being a real message from Apple, do not put in your confidential information until you are certain. Hackers will target Apple ID accounts because most users will save their credit card information for iTunes and Apple App Store purchases. This means users should also be wary of Amazon accounts, Target accounts, and other retailer accounts where there is an option to save your credit card information.
In 2017, it is estimated that there will be more Internet users and traffic than all of the prior Internet years combined. Additionally, in 2016, “Only 44% of web traffic is from humans; a massive 56% of web traffic is from bots, impersonators, hacking tools, scrapers and spammers.” With the amount of increased traffic and Internet users in 2017, how can individuals protect their personal information? Importantly, how can lawyers and other professionals protect their own confidential information as well as their clients’ confidential information?
In 2016, the FBI’s cyber division notified law firms that cyber hackers were targeting international law firms in order to obtain information for an insider trading scheme. Also, in 2016, two major law firms, Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, were hacked, and it was suspected that this hack was to obtain information on insider trading. Therefore, it is imperative that law firms keep up and consistently evaluate their own security procedures and software to ensure that confidential client information does not end up in the wrong hands. There is also an ethical obligation for lawyers to keep client information secure and confidential. ABA Model Rule 1.6 defines a lawyer’s duty of confidentiality, which includes keeping information relating to the representation of a client confidential. In Comment 16 of this rule, lawyers are required to use reasonable precautions to safeguard and preserve client information.
Additionally, many states have passed general security laws that require reasonable measures to protect customer or client information. For example, Massachusetts passed M.G.L. c. 93H in 2010, which applies to “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts.” This absolutely includes lawyers practicing in Massachusetts, but it also may apply to lawyers and law firms across the country who have sufficient contacts with Massachusetts and would satisfy the personal jurisdiction requirement. M.G.L. c. 93H also requires that lawyers encrypt all data that contains personal information that will travel across public networks, that will be transmitted wirelessly, and that is stored on laptops or other portable devices.
Lawyers are tasked with adhering to these stringent ethical rules and state regulations; however, commonly used programs are not safe for the transmission of confidential client information. Email has come a long way in terms of technology, but all emails sent even today are at risk of being intercepted by a hacker. This is not true if your email is encrypted. Encryption is the process of converting information into code, thus preventing unauthorized access. If encryption protects confidential emails, why is it that most lawyers are not encrypting their emails? The answer is simple: encrypting your everyday emails is difficult and encryption software is hard to use. Because of this, lawyers should not be using email to correspond with clients on particularly sensitive information. However, some of the major email providers like Google and Microsoft now include encryption. The downside of this is that the encryption function is only available when emailing between Gmail and Office accounts.
However, lawyers are still not out of luck. Many commonly used messaging apps are encrypted. The Lawyerist suggests that the best encrypted messaging app on the market is “Signal”. The best part about Signal is that all messages are sent and then stored with encryption. This leaves no room for potential hacking. The Lawyerist encourages lawyers to use Signal because it is safe for even the most confidential information. Signal is available for mobile devices and for computers through a desktop application. Lawyers should be more cognizant about how they are transmitting client information across the Internet and consistently make sure their firms are not at risk for hacking or phishing schemes.
Student Bio: Jordan Bigda is a staff member on the Journal of High Technology Law and a current second-year law student at Suffolk University Law School.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.