Why is digital hygiene important for a lawyer?

13.09.2025

Digital hygiene is a set of measures aimed at protecting the information, communications, and professional activities of a lawyer from cyber threats, which is critically important in the context of the digitalization of the judiciary in Ukraine. According to Article 22 of the Law of Ukraine ‘On Advocacy and Advocacy Activities,’ attorney-client privilege covers all information received from clients, including documents, correspondence, consultations, and client information.

Violation of attorney-client privilege can lead to loss of client trust, reputational damage, lawsuits, or disciplinary liability as provided for in Article 34 of the Law. According to the IBM Security 2023 report, the average cost of a data breach is $4.45 million. In the legal field, this figure can be even higher due to the extremely sensitive nature of the data.

For example, in 2020, as a result of an attack on the law firm Grubman Shire Meiselas & Sacks, 756 GB of confidential information was stolen, including contracts with celebrities.

Lawyers are an attractive target for hackers as they store critically important data: financial documents, contracts, clients’ personal data.

With the active implementation of digital platforms in Ukraine, such as E-Services, Diia.Sign, the electronic court cabinet, and ASVP, the importance of digital hygiene is only increasing. It is a mandatory component of compliance with the Law of Ukraine ‘On Personal Data Protection’ and GDPR if a lawyer works with clients from the EU.

Main threats to a lawyer’s digital security

The guide ‘Legal Practice and Information Security’ highlights several critical risk areas:

1. Phishing and Social Engineering

Lawyers are often targeted in attacks where criminals impersonate clients, colleagues, or courts. For example, phishing emails may mimic a court summons or a request for consultation. The best defense is critical thinking, two-factor authentication, and verifying the source of communication.

2. Improper Password Storage

Passwords for email, E-Services, and cloud storage are often stored in browsers or on paper. The guide recommends using password managers (e.g., Bitwarden) and creating unique, complex passwords for each service.

3. Unsafe Use of Public Wi-Fi

Connecting to open networks without a VPN creates a direct risk that confidential information will be intercepted. Even viewing cases in E-Services at a cafe can be compromised.

4. Risky Document Handling

Sending contracts, scans, and other documents via unencrypted email is a serious risk. The guide recommends using encrypted file transfer services (e.g., Tresorit) and electronic signatures only from trusted sources.

5. Weak Device Control

Using personal smartphones or computers without updates, antivirus, or disk encryption is another threat, especially if the device is lost or falls into the wrong hands.

Ensuring digital hygiene in practice

Minimal steps for every lawyer:

  • Enable two-factor authentication wherever possible.

  • Use password managers instead of storing passwords in the browser.

  • Regularly update software and OS.

  • Do not open attachments/links from suspicious emails.

  • Use a VPN when connecting to open networks.

  • Transmit documents only through encrypted services.

  • Periodically conduct a digital security audit: review access rights and privacy settings, and use secure communication tools (Signal, ProtonMail).

Conclusion

Digital hygiene is not an option but a professional duty of a lawyer in the digital age. It is directly related to compliance with attorney-client privilege, legal requirements, and client trust. Implementing basic security measures helps a lawyer not only avoid legal liability but also maintain their reputation and confidence in the safety of their practice.
