Top Menu

Cybersecurity for Lawyers

Legal Cybersecurity

In the world of law, continuing legal education (CLE) credits, or minimum continuing legal education (MCLE) credits, are ongoing professional education credits for attorneys that take place after their initial admission to the bar. These are available to American Bar Association (ABA) members in a continually growing library that can be accessed online or via other approved methods.

Recently the New York State Bar Association (NYSBA) announced that based on the recommendation of their committee on technology & the legal profession, New York attorneys would be required to take at least one cybersecurity CLE credit every two years.  This would fall under the “Ethics and Professionalism” category and would not add any additional credit hour requirements for attorneys that are new or practicing.


This decision was based on the increasing number of attorneys that work remotely in New York.  This setup for practicing lawyers has of course been on a steady rise with the onset of COVID-19.  As cybersecurity professionals are well aware, this new normal in the working environment has only increased the risk which an individual can be exposed more easily to a breach or hacker’s tactics.  Security in the legal profession is of the utmost importance, and the adjustment to the CLE program is something that is a start in addressing the changing legal landscape.

The work from home situation, coupled with a rise in data breaches at New York law firms, makes this imperative, but not all NYSBA members were on board with the change.  There was a different opinion that felt that making it required, would only take away from the opportunity to use their CLE hours for “section-specific ethical education” that pertained to their practice.

A Necessary Change

While the argument can be made that this is a diversion away from practice-specific learning, the fact is that data breaches and the risk to everyone from unsafe cybersecurity practices is of greater impact.  One breach can take down a whole firm, and the entire team needs to be on board when it comes to safeguarding clients and the practice as a whole, not just worrying about it on a case by case basis.