At the Solicitors Regulation Authority’s conference for international legal regulators earlier this autumn, one of the most interesting sessions dealt with the ‘hot topics’ currently bothering regulators across the globe.
There was quite a range: bullying within the profession is a big issue in Australia, for example, while alcohol and drug abuse by lawyers is rife across the common law world. For regulators, problems arise when a regulatory breach stems from a lawyer’s depression, or addiction, which is then put forward as mitigation for their transgressions.
Does the client victim in these circumstances deserve any less protection? That is the question one regulator suggested should be kept in mind in these cases.
In the US, one delegate provided a snapshot of the advice given by those professionals who defend lawyers in regulatory proceedings. ‘The defence lawyer will ask, do you suffer from depression or have an addiction?’ he said. ‘If the answer comes back no, then the advice is – well, you’d better get one.’
Another ‘hot topic’ for the legal profession and its regulators is the growing threat of computer hacking. Here, lawyer Seth Berman of digital risk management firm Stroz Friedberg talked about the particular dangers that law firms face, and called for regulators to impose a requirement on firms to have their data security checked at regular intervals.
To illustrate his point, Berman gave a real-life example of a law firm client that had recently been targeted by hackers. A large number of associates at the firm had received an email from a Hotmail account or similar, which included the name of the firm’s managing partner - to give the appearance that it had been sent from his personal account.
The email, purporting to be from the partner, said that he was having difficulty accessing the firm’s email that morning, but that he needed them to look at an attached document asap.
The document contained a bug designed to harvest information from the law firm’s systems.
In the event, the hacking attempt was not quite sophisticated enough to achieve its aim. While quite a few lawyers had opened the email, and some of them may have clicked on the attachment, enough were sufficiently suspicious to have sent it on to the firm’s IT department, which was able to act to prevent any data theft.
In reality, associates have little direct dealing with a managing partner in that way, and the email did not ring true. But it wasn’t too far off.
Berman warns that lawyers will continue to be targeted by what are becoming increasingly intelligent ‘spearphishing’ attacks. Firms hold valuable data about their clients, which is worth stealing. And often a law firm’s own website will contain enough information - biographical details, educational history - to form the basis of an attack.
An email from an unfamiliar name, claiming to be an old classmate and attaching a picture - of the college football team, for example - could prove to be far more sinister.
I’m not convinced that solicitors need any extra stick from the regulator to encourage them to deal with this problem. The thought of the reputational damage - not to mention the client lawsuit - that could rain down on their firm if they succumbed to such an attack, should be reason enough to ensure that they have the right defensive systems in place.
Rachel Rothwell is editor of Litigation Funding magazine, providing in-depth coverage on costs and the financing of litigation.
Follow Rachel on Twitter