President's Message

February 2024

Jesse Souki

Hawaii State Bar Association President

Aloha HSBA Members:

January flew by, and we are already more than halfway into February—Happy Valentine's Day, and I hope your team did well in the Superbowl!

Unfortunately, you may have read the e-blast from HSBA regarding a phishing attempt using my name with a false email address. “Phishing,” according to the U.S. Federal Trade Commission, is when “scammers use email or text messages to trick you into giving them your personal and financial information.” Scammers use this approach to pry away personal information like bank accounts and social security numbers. This is not the first time this has happened, and it will not be the last, as scammers become more sophisticated and take advantage of new technologies like AI. However, we can protect ourselves. Read more about phishing here

Cybersecurity is a pernicious problem for firms and clients. According to a 2022 survey of 265 organizations by the Association of Corporate Counsel Foundation, “twenty-two percent of companies now employ an in-house counsel with responsibility for cybersecurity—up 10 percentage points since 2018.” And, “Damage to reputation (77 percent), liability to data subjects (61 percent), and business continuity (51 percent) are the most immediate concerns with regard to a data breach.” Read more here

The U.S. Cybersecurity and Infrastructure Security Agency has a webpage specifically dedicated to lawyers with resources for responding to emerging cyber and infrastructure security threats. The site includes information regarding applicable regulations and technical approaches to uncovering malicious activity and mitigation steps according to best practices. Read more here.

David G. Ries wrote a helpful article entitled, Cybersecurity for Attorneys: The Ethics of Securing Your Virtual Practice, in the ABA Law Practice Division’s periodical, Law Practice Today. Ries references ABA Formal Opinion 477R, Securing Communication of Protected Client Information, which recognizes hacking and data loss in terms of not “if” but “when” it happens. Opinion 447R notes that law firms are targets of hacking and data loss, because “they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client,” and “the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.”

Aside from phishing, Ries lists other cyber threats, including “spearphishing, ransomware, business email compromise, supply chain/third-party compromises, and lost and stolen laptops, smartphones, and portable devices.” The article surveys the ethical and common law duties of lawyers to take competent and reasonable measures to safeguard information relating to clients. In short, Ries recommends “designing, implementing, and maintaining an appropriate risk-based cybersecurity program.”

HSBA has offered CLEs on cybersecurity from time to time. One CLE available online is Protect Your Firm From Catastrophic Cyber Attacks, presented by Tom Kirkham, Founder and CEO of IronTech Security. You can watch it at your own pace.

Keep yourself, your family, and your clients safe by keeping up with cybersecurity issues. Mahalo and stay safe.

2024 HSBA Board of Directors