Brooklyn Bar Association CLE gives attorneys cyber-security tips to protect their clients

Lecture also covers the SHIELD Act which takes effect March 21, 2020

November 19, 2019 Rob Abruzzese

David Bensinger (left) and Daniel Antonelli gave a lecture at the Brooklyn Bar Association designed to help attorneys protect their clients from cyber-attacks. Photo courtesy of Daniel Antonelli

Share this:

In the era of increased risk of identity theft, the Brooklyn Bar Association held a continuing legal education seminar on Monday, Nov. 4 to ensure that local attorneys understand their fiduciary obligation to their clients when it comes to protecting their information.

Attorney Daniel Antonelli, the chair of the BBA’s Computer Technology Committee, gave a CLE with Dr. David Bensinger, from Bensinger Technology, titled, “Cyber-Security Made Simple: A Guide to Protect Personal Information and Clients’ Information from Cyber-criminals & Review of New York’s New Cyber-Security Law Requirements”.

“We tend to think of foreign countries and high-tech bad-guys as the people doing the hacking, and we tend to think of the victims as big corporations,” Antonelli said. “But the truth is that there are people right here in Brooklyn targeting solos and small firms.”

The pair gave a two-hour lecture during which they informed attorneys that they are required to defend their digital files from various types of cyber-attacks, including viruses, phishing scams and other methods of social engineering.

“These days most hackers target people, not computers,” Bensinger said. “The most common attacks are social engineering schemes where the cyber criminals use deception to fool people into sharing confidential information. Phishing scams, fake websites and spoofed email addresses are common forms of social engineering.
.
“In all these cases, the attackers are trying to trick you into giving away credentials to accounts that they use for illegal activities such as breaking into your email account and initiating unauthorized bank transfers,” Bensinger continued. “A properly maintained technology infrastructure helps but training the non-technical end users who have access to privileged information is just as important.”

Bensinger’s company often works with small- and medium-sized law firms to help protect their clients. During the CLE, he and Antonelli explained potential liabilities and best-practice steps for attorneys to take.

The program also focused a good amount of time on the SHIELD ACT, which is set to go into effect in New York State on March 21, 2020. The SHIELD Act will strengthen laws in relation to notification of a data breach. It will also broaden the scope of what is considered a data breach.

“Existing law requires us, in the event of a data breach, to notify the individuals whose private data was exposed along with the attorney general, the New York Department of State, and the state police,” Antonelli said. “The new portion of the legislation, among other things, requires us to implement reasonable administrative, technical and physical safeguards. As attorneys, we’re all bound by the legislation. There’s a more flexible standard for small businesses, but we’re not exempt.”

Antonelli explained that there has been a lot of interest in cyber security CLEs among attorneys recently, particularly from real estate attorneys who are concerned that contract deposits that are held in escrow can become targets.

“They pretend to be the broker, the buyer’s attorney, etc. and trick the attorney holding the funds into transferring all or a portion of it,” Antonelli said. “Unfortunately, these kinds of attacks are all too common.”

Antonelli said that attorneys can remain fairly secure on their own if they take precautions not to put themselves at risk. He added, though, that there are services that they can hire to ensure they’re protected.

“IT professionals like David are critical to setting up a good digital security system,” he said. “They also know how to implement policies to prevent attorneys and their staff from falling prey to ransomware and phishing scams and to look out for new, evolving forms of cyber-attacks.”