Top Legal Ethics Stories And Cybersecurity Concerns

bench at the Supreme Court. Bloomberg Law with June Grosso from Bloomberg Radio. Welcome to Bloomberg Law and Bloomberg Radio. I'm Joe Short's living for June Grosso, coming up on the show Green Fraud. Why there will be such a focus? In two will also cover the fate of the jail where Jeffrey Epstein hanged himself, plus combating cybersecurity in the new year. But first we begin with legal ethics sanctions for Rudy Giuliani and other attorneys over dismissed election fraud

lawsuits aimed at keeping Donald Trump in office. Topped Bloomberg's legal ethics headlines for one. Bloomberg Industry Group reporter Melissa Helen wrote the list. We went through her findings and looked back on the biggest legal stories in one. When it comes to ethics, let's start with the election lawsuits. Why was that the number one choice? It's an item that everyone can really associate with, not just attorneys. You know, we all took part in the election, and the aftermath

was covered widely by the news media. The legal aspect of it is that attorneys can't file frivolous lawsuits, and Giuliani and some of the other attorneys who filed these lawsuits were found to have filed false in the saving statements with the course, they didn't back up their seats with facts, and they were therefore sanctioned and not lightly. This one is, as a reporter, really interested me, Melissa. It has to do with judicial disclosures following a Wall

Street Journal report. Tell us what that report found and what's happened since. Sure, the report found that one thirty one judges heard cases in which they are family members helped stack in companies that were involved in the cases those judges oversaw. So the House earlier this month voted on the Courthouse Ethics and Transparency Act um. I think what really important about this is that if judges appear biased,

our confidence in the rule of law is affected. And if we don't have faith in the jendas can carry out their duties ethically and responsibly, then the judiciary has a problem. Melissa Hailin's our guests. We're talking about the top ethics coverage stories of one that the one you have here again was somewhat new to me. Uh, mental health disparity as it relates to female attorneys. Talk to me a little bit about what that is, sure, and

you know I've written a bit on mental health. It's very important in the legal profession because lawyers experienced alcohol use disorders at star higher rates than other professionals. Also, they have more significant mental health distress. Now, this particular study was was very surprising because it showed that women are suffering more than men. I believe the findings. UM cited that one third of the women screened versus one fourth of the men reported high risk drinking. I think

there's a global problem right now. Everyone's been suffering these past two years from mental health distress through the pandemic. But so I think this story really is pertinent to everyone, not just attorneys. This next one caught my attention, and I find it fascinating because as it's you know, what was brought on by remote work in the pandemic, This whole issue of lawyers working from jurisdictions where they aren't licensed, that's a fascinating question. In general, In the past, attorneys

were not allowed to work where they weren't licensed. Right now, anyone can work from anywhere and there's there's really no penalty,

but lawyers could be held ethically liable for doing that. However, since the pandemic, a number of jurisdictions enacted either legislation or past advice ethics opinions, including I think New Jersey, the Columbia, Florida, and Pennsylvania, saying it's okay for attorneys to work where they live, even if they're not barred there, as long as they didn't hold themselves out to be

able to practice the law of that jurisdiction. So, for instance, in New York, UM, a lot of attorneys work in a bar to New York but live in New Jersey. So now it's okay for them to be working from home in New Jersey as long as they're only practicing New York law. If that's where they're barred. It really reflects kind of a general shift in thinking about, you know, the legal professions, which really based on what clients and

the consumers wants. It's fine for them where you know, it doesn't matter where their attorney is, as long as they're doing competent, diligent work. Melissa Helen as Augusta. She is a reporter with the Bloomberg Industry Group. Final question has to do with the big headlines of the year. Uh, this one has to do with the Varsity Blues case. What is the ethical question there? The ethical question really was,

I suppose honesty. Um. Gordon Kaplan, he's a former had Wilkie far he was found to have engaged in misconduct when he paid seventy five dollars for his daughter to help gain admission into college. And I think, you know, I'm not sure whether he was the only only involved. There were celebrities. I think, you know, actors Lori Laughlin who are also involved and spent some time in jail. And Um, I think with Kaplan, what was significant was

although he was suspended, he wasn't dis barred. I believe a number of attorneys thought maybe this was it was possible he would be this barred, but he did show. I remember reading the opinion remorse a lot of remorse for his actions, and it was believable. And this is a big thing in um and lawyer um discipline remorse and if you're if you're if the judges can believe that you feel bad about what you did, it's possible

that your sanction will be a lessons. Melissa haman reporter with the Bloomberg Industry Group, appreciate you taking time and joining us on Bloomberg Law. Thank you for having me joke. There were a number of ransomware attacks in one and there's expected to be no shortage of them in two. Businesses will be grappling at them. Is they raise all

sorts of legal issues. Veronica Glick is a partner at Mayor Brown's Washington, d C. Office and a member of the firm's national security and cybersecurity and data privacy practices. She joined me to discuss the growing threat. What does it look like to be attacked? And I guess if we broke it down by time, you know, the first hour, the first seventy two hours, the first week. Ransomware is a type of malware that locks up systems for the

purpose of extortion. Handling these kind of incidents is very complicated. You're often managing a range of legal, technical, and reputational considerations on a very short time frame. One common misunderstanding is that in this first few hours you know what's going on, what data has been impacted, and maybe sharing that information with with regulators or consumers. That's actually quite rare.

So in those first few hours, generally you're mobilizing your team and just making sure that you have very basic understanding of the facts and that your communications are secure. Within those first seventy two hours, you're still really just trying to get your arms around the fact. Some jurisdictions have a very quick timeline for notifications, so g DPR

is a well known example of that. Some companies will be having those initial heads up communications with regulators, and there's some contractual notifications as well to have a quick turn and then again within that first seventy two hours, there it may make sense to communicate with law enforcement and have other certain external communications. But particular challenge with ransomware is depending on the deadline that the ransomware actors provided.

At this point, already you may have to have a decision on the strategy around a gage with a threat actor and whether you're going to be communicating with them at this point. Veronica Glick is our guest. She's a

partner at Mayor Brown's Wanting to d C office. She also serves on a pro bono basis as Deputy Chief Council for Cybersecurity and National Security to the US Cyberspace Silarium Commission, bipartisan commission established by Congress to develop a comprehensive strategy to defend the US from significant attacks and cyber space. Tell us about this commission and the work being done there. So it's been very inspiring to see a collaborative by partisan process in action that we've seen

with the Hilarium Commission. It's truly impressive how many of the Commission's recommendations have moved forward into law or or making those steps. For those interested in this topic, I highly recommend taking a look at the report and subsequent white papers that the Commission has put forward. What are

your thoughts about reporting requirements and or regulations? I mean, because so often, as we all know, when there is a ransomware attack, most times very few people ever learn about it right, and I think we can expect to see in addition to hyper cyber standards, increased cyber reporting and increased information sharing, there's the increased effort and attention. As you mentioned, ransomware has really ramped up, and there's

attention to that issue now on reporting. Even though mandatory reporting requirements didn't make it into the n d a A this year, there appears to be by partisan support. So I think it's reasonable to expect that some requirements will be developed and those will most likely first apply to critical infrastructure in industries. Let's say with you know, the meat supplier JBS or the colonial pipeline, if we had some reporting requirements or regulations, what would have happened

or could have happened or should have happened. There are right now some reporting requirements that apply depending on what sector you're in. This is not something completely new, it's more of an increasing trend. And practically speaking, what this means is going towards that very quick coordination that's required when a ransomware attack happens, so at the very outset when you're trying to gather information. In fact, whatever sector you're in should be aware of which agencies you should

be reporting to if you meet that notification requirement. So it's important to be aware of the notification requirements trigger and who your point of contact would be at that agency. Okay, let's say we have ten ransomware attacks. How many of those ten are an employee clicking on an email or an attack meant they shouldn't click on, and how many our back end intrusions in practice, I think it's actually very hard to tell because a lot of its relies

and self reporting. But from what we've seen a lot of the guidance coming out of cybersecurity firm and also from the government, So for example, to stop ransomware websites provides guidance. You'll see a combination of focus on some of those key steps and multifacro authentications, patching systems, but also employees clicking on phishing emails. Depends how you look at the numbers. It can vary based on the size

of your business and the industry that you're in. However you look at it, fishing still appears to be quite a significant percentage of the initial intrusion points. As we look at two. Have we learned from the lessons of the past or not going forward. I think we continue to see ransomare attacks are increasing, but there's also an increased domestic and global effort to try to reduce this threat. That includes global law enforcement coordination, efforts to build stronger

cyber resilience, and also improved information staring. Veronica Glick, partner at Mayor Brown in Washington, d C's office. We appreciate you joining us today on Bloomberg Law. Thank you very much. That's it for this edition of the Bloomberg Law Show. Remember you can always get the latest legal news on our Bloomberg Law podcast. You can find them on Apple podcast, Spotify, and on www dot Bloomberg dot com slash podcast Slash Law, and remember to tune into The Bloomberg Law Show every

night at ten pm Wall Street Time. The show is produced by Eric Mallow for Bloomberg Radio. I'm Joe Shortsleeve. Thank you for listening, and remember to tune into the next edition of Bloomberg Law right here on Bloomberg Radio.