A Cybersecurity Handbook for All Attorneys and Law Firms

By Shawn E. Tuma

Books October 2019
Cover courtesy of ABA Publishing.

Cybersecurity is one of the most important issues of our time and one that most certainly will impact all attorneys and law firms across the entire spectrum of practices. Despite the importance of this issue for the legal profession, most of the information written about cybersecurity is not very usable by practicing attorneys and, in many cases, makes it seem as though being cyber secure is only important to the largest of law firms—and out of reach to all others.

Recognizing this need, in the second edition of their book, The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals (ABA Publishing, 2017), editors Jill D. Rhodes and Robert S. Litt assembled an all-star team of 26 well-respected practitioners who share their expertise with the readers. This book, written by practicing lawyers for practicing lawyers, is 464 pages full of substantive content that goes from high-level, easy-to-read top 10 lists that even the most technophobe lawyer can use all the way down into the weeds of deep technology, cybersecurity, and legal analysis that even the most advanced readers will find valuable. The focus on practicality is what makes it so useful.

The Handbook provides helpful guidance for attorneys who practice in every type of setting across all practice areas. Whether it is a solo attorney doing probate work in a rural county looking for a few simple tips, the attorney practicing in the international firm counseling clients on substantive cybersecurity and data privacy issues, or in-house counsel, government lawyers, and public interest lawyers, they will all find the Handbook helpful.

The authors avoid much of the hysteria and fearmongering we often hear with cybersecurity. Instead, they provide clear examples of the risks and practical solutions to the problems. The book addresses how cybersecurity risks apply to attorneys and law firms in particular and why legal and ethical obligations require lawyers to protect against those risks, and provides practical solutions for how attorneys and law firms at every level can help protect against those risks. This is reflected in the organization of the book, which is broken down into four primary sections: (1) cybersecurity background and risks and common forms of attack, especially against attorneys and law firms; (2) lawyers’ legal and ethical obligations for protecting their networks and client data; (3) application to different legal practice settings from large to small law firms, in-house counsel, government lawyers, and public interest attorneys; and (4) guidance on incident response and cyber insurance issues.

Most larger and more sophisticated firms are addressing cybersecurity because their clients are demanding that they do so or else they will not send them business. The attorneys that frequently need the most help are the solo and small-firm practitioners that do not have the information technology and cybersecurity teams in place. This book provides excellent straightforward advice to them in Chapter 9, “Cybersecurity for the Little Guys.” The introductory paragraph sums up my experiences in this area quite nicely:

I can hear some lawyers saying it now: “I’m just a solo. I don’t need a complicated computer security system. Nobody is interested in me. Besides, I don’t have an IT department to handle it or a big budget to spend on computer security. This is just for the big firms.”

The chapter goes on to explain why this thinking is not only incorrect on several levels, but provides 12 specific steps solos and small firms can take, with explanations and a table for checking off completions, for effectively improving their cybersecurity. TBJ

For more information about cybersecurity from the American Bar Association, go to



is an attorney widely recognized in data privacy and cybersecurity law, areas in which he has practiced for over two decades. He is co-chair of the Data Privacy and Cybersecurity Practice Group at Spencer Fane and works primarily in the firm’s Collin County and Dallas offices.

{Back to top}


We use cookies to analyze our traffic and enhance functionality. More Information agree