Comment 8: No, Size Doesn’t Matter When It Comes to Cybercrime

The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.

 

As a solo practitioner, a partner in a small firm, or a student who hopes to work in such an environment it is important to realize that you are at risk of a cyber-attack. Many small and medium-sized businesses (SMBs) wrongly believe that their size helps protect them from malicious hackers. This is not the case. Cybercriminals will attempt to steal your data or encrypt your data as part of a ransomware scheme no matter your size. An article published by Cybersecurity Magazine highlights this danger, reporting that 43% of data breaches involve SMBs.

 

Your SMB’s computers and data are also exposed because of any number of bugs and vulnerabilities that exist in the software and services you use. A recent example of this type occurred during late 2021 and is known as the Log4j Event. For those who don’t know, let’s begin with a brief introduction that won’t require us all to get degrees in computer science.

 

Log4j is an open-source bit of code used by software developers that is so useful that it is even used in lots of commercial software. Soon after this vulnerability was discovered, cybercriminals were able to exploit it to attack computers. Though the outcome of Log4j ultimately proved less-catastrophic than security professionals originally thought thanks to quick responses from industry, governments, and cybersecurity teams, the problem is nowhere near resolved. A recent report by the Cyber Safety Review Board, which operates under the Cybersecurity and Infrastructure Security Agency (CISA), believes that it will takes years to fully fix the Log4j issue.

 

According to a recent study, the average cost of a breach for an SMB with less than 500 employees is over $2 million. This is why it is necessary for solo practitioners, small firms, and current students to fully understand the value of working proactively to protect your data and computers. Thankfully, CISA provides many great publications and advisories about tools to help you protect your SMB.

 

Remember: you aren’t just protecting yourself, you’re protecting your clients.