The NY SHIELD Act And How It Impacts Law Firms

Attorneys are operating in a complex, data-driven environment, and nowadays, physical security – from locks on the doors to cameras in the workplace – isn’t enough to stay safe in terms of maintaining client confidentiality. Law firms are leveraging technology more than ever before, which is great news, but there are more entry points into the network as a result. According to a recent ABA legal technology survey, not enough law firms are leveraging the proper security measures to protect client confidentiality:

  • File encryption: 46%
  • Email encryption: 38%
  • Intrusion detection: 34%
  • File access restriction: 41%
  • Web filtering: 29%
  • Employee monitoring: 20%

A Recent ABA Report Stated That 22% of Law Firms Reported Experiencing a Cyber-Attack or Data Breach of Some Sort in 2017 – Up from 14% in the Prior Year…

It’s clear that cybercrime is becoming more sophisticated and complex than ever before. Law firms are naturally the perfect target – they hold a ton of confidential information relating to the clients they serve. On July 26th, 2019, New York’s governor signed the “stop hacks and improve electronic data security” (SHIELD) act that requires every business to implement safeguards to protect private information.

This must include designating an employee or team to coordinate a data security program, implementing practices and procedures for testing employees on that program, performing assessments to determine internal and external risks, and much more.

Have You Prepared to Comply with the NY SHIELD Act Yet? If Not, Be Prepared to Face the Consequences. The Court May Impose Penalties of $5,000 Per Safeguard Requirement Violation…

Those subject to the SHIELD Act must demonstrate that they have implemented a data security program that addresses various safeguard requirements, such as:

  • A data security program created with a designated employee or team managing it.
  • Training and testing all employees on up-to-date security practices and protocols.
  • Assessing your environment to ensure all internal and external risks are identified.
  • Implementing the proper controls to minimize the internal and external risks.
  • Vetting service providers to ensure they’re bound to a contract to safeguard data.
  • A data destruction policy in place to ensure data is destroyed once it’s no longer deemed necessary for business purposes.

Fortunately, we’ve been in the industry for a long-time and we know cybersecurity. Our team is trained on each and every one of the latest threats and we have access to the right solutions to prevent them. And you don’t have to worry about the cost – we’ll work with you to find solutions that fit into your budget. It’s 100% going to be more affordable than the aftermath of an attack.

And lastly, you don’t have to spend a ton of time with us. You can even delegate one person in your firm to be our point-of-contact and we’ll keep each and every meeting as productive as possible to minimize disruption for you.

Let’s Work Together to Make Sure You’re Compliant with the NY SHIELD Act. Call (518) 459-6712 Now.