Is your firm advising clients on cyber security?

Given the seriousness and prevalence of cyber-attacks in New Zealand, its important law firms know how to properly advise their clients, one expert says

It’s not a case of ‘if’ when it comes to a cyber-attack, but when.

New Zealand businesses are now dealing with the increasing threat of cybercrime, an industry now bigger than the global drugs trade, Communications Minister Amy Adams told an audience at an Institute of Directors forum earlier this month.

For this reason, Russell McVeagh has released a new eight-step-guide in the form of a ‘Cyber Attack Toolkit’, looking at how to prepare for and respond to a cyber-attack. 

Speaking with NZ Lawyer, Tom Maasland of the firm’s ICT Practice Group, said it’s important that law firms not only look take their own data security seriously, but that they are fully prepared to advise clients.

“Lawyers, both in-house and external, can play a key role in advising company boards about their legal duties in this area under the Companies Act and businesses on the protections they can build into their operational processes,” he said.

Looking at contract terms that apply to providers of cloud data storage, who a business should notify if its data security is compromised and in what circumstances a claim could be made if it was the target of a cyber-attack, are examples of the many considerations lawyers need to make when advising clients.

Maasland said law firms in general should do more to be prepared.

“We have put together our Cyber Attack Toolkit as a framework that will allow lawyers and management teams to start talking about the issues and work through a series of steps to get cyber-prepared,” he said.

As businesses that hold a lot of confidential information themselves, Maasland said that law firms should be taking steps to ensure their own data is secure.

“Protecting information relating to the business and legal affairs of their clients in particular will be of major concern to law firms,” he said.

“As the world discovered when the Panama Papers were stolen from Mossack Fonseca, law firms can be and are the targets of security threats.  It also means that law firms need to have a capability to advise their clients in this area.”