Skip to the main content.
APPLY NOW RENEW
Facebook Instagram Linkedin YouTube
ALPS Blog
Free Law Firm Guides
Assess Your Firm's Risk
ALPS VERA Icon
Free Risk Assessment Use our free Virtual Ethics Risk Assessment (VERA) tool to quickly and effectively understand where your firm falls in terms of risk management.
Insurance Glossary
← Blog Home

3 min read

Are Your Court Reporters Vulnerable - A Cyber Security Checklist

Picture of David Carter, J.D. David Carter, J.D. : Posted on December 20, 2023

Cybersecurity
Are Your Court Reporters Vulnerable - A Cyber Security Checklist

The numbers are alarming: At least six AmLaw 100 firms have been the targets of cyberattacks so far in 2023, according to the American Lawyer

Cybersecurity challenges aren't limited to the legal industry, of course. Bud data breaches at law firms present special challenges. After all, the rules of professional conduct impose upon lawyers and their employees a duty to preserve and protect confidential client information. On top of these obligations, many firm clients require that their data be protected and treated in a secure manner. These obligations extend throughout the course of the representation, which includes the discovery process in litigation, where court reporters and court reporting firms play a critical role and frequently receive confidential information in, or convert such data to, electronic form during depositions, arbitrations and court appearances.

alps guide to cybersecurity

While lawyers are—or should be—keenly aware of the risk of direct cyberattacks, many are less familiar with the risks posed by many court reporters. It’s important to remember that many (if not most) court-reporting companies rely on independent contractors. This means that their court reporters, scopists and proofreaders are typically outside the scope of their cyber security protocols and therefore vulnerable to breaches.

Because the court reporting industry routinely relies on an independent contractor model to staff jobs, and because cyber criminals have set their sights on law firms, law firms must understand the security protocols and procedures used by all of their contractors and vendors, including court reporting agencies. To minimize the vulnerabilities of court reporters, scopists, proofreaders, transcript producers, and any personnel involved in transcript preparation, both employees and freelancers, it’s important to ask the right questions.

To accomplish that, here is a checklist for legal operations personnel, law firms, attorneys, and decisionmakers to use when selecting court reporters and agencies. Since so many depositions are taking place virtually, this list is specifically tailored for anyone considering a court reporting agency for a virtual proceeding.

  • Human Resource Policy
    • Does the agency conduct criminal background screening on everyone, especially contractors and subcontractors?
    • Is everyone required to attend security awareness training annually?
  • Business Ethics And Corporate Compliance
    • Are they required to participate in an annual training which reinforces company expectations regarding security compliance and ethics responsibilities, non-disclosure of insider information, code of conduct and conflicts of interest?
  •  Authentication
    • Do they enforce their password, update and lock screen policies for everyone?

  • End User Device Security and Personal Computer Policy and Procedures
    • Do they ensure everyone regularly updates the operating systems on their desktops, laptops or tablets to patch vulnerabilities?
    • Do they ensure everyone has current anti-virus and anti-malware software operating on desktops and laptops?

  • Remote Network Access
    • Do they ensure that everyone who performs transcript preparation utilizes encrypted communications for all remote network connections from external networks to networks containing scoped systems and data?
    • Do they mandate encrypted communications for all those who access remote systems, including the use of full disk encryption on computers and restrictions against the use of unencrypted email to exchange exhibits and transcripts?

  • Vulnerability Management
    • Do they have a vulnerability management policy or program, including vulnerability scans?
    • Does that policy or program extend to everyone who performs transcript preparation functions?
    • Does their delivery of software, firmware and/or BIOS updates to clients through automatic downloads such as Windows Update and LiveUpdate extend to everyone?

  • Cybersecurity Regulatory Compliance
    • Do their documented policies and procedures to enforce applicable legal, regulatory or contractual cybersecurity obligations apply to everyone who performs work that is related to transcript preparation?

  • Information Management
    • Do their policies and procedures for information handling apply to everyone who performs transcript preparation functions?
    • If so, do such policies:
      • Require everyone to encrypt data on any desktops, laptops or tablets that they use to do their job?
      • Restrict people from the use of unauthorized cloud storage to hold or transmit transcripts and exhibits?
      • Proscribe proper protocols for using email, web and file transfer services to hold or transmit transcripts and exhibits?
      • Provide guidance on the use of removeable media such as thumb drives to hold or transmit transcripts and exhibits?
    • Cybersecurity Incident Management
      • Does their Incident Management Program (“IMP”) require everyone to identify a point person to notify in the event of a cyber security incident?
      • Does the IMP require everyone to immediately notify that person of a potential data breach or cybersecurity incident?
      • Does their IMP include escalation procedures and client notification in the event of a data breach or cybersecurity incident involving anyone engaged in transcript preparation?
    • Independent Oversight
      • Does their independent audit, such as SOC (System and Organization Controls), treat everyone as being “in scope” for purposes of the audit?

The threat of a data breach is enough to keep attorneys up at night. However, there are steps that law firms can take to minimize their risks. That includes ensuring that all participants in the litigation process are maintaining the same high standards of security, including court reporters. By asking the right questions, attorneys can help ensure that they maintain their professional responsibilities, keep their clients happy and avoid the same types of attacks that are making headlines across the legal industry.
Ransomware in the Supply Chain – Are You at Risk?

5 min read

Ransomware in the Supply Chain – Are You at Risk?

Picture of LMG Security LMG Security : Jun 8, 2021

7 tips for protecting your community from attacks like the one on Colonial Pipeline By LMG Security The recent ransomware attack on the Colonial...

Cybersecurity
Read More
There’s Something “Phishy” about Certain Text Messages

2 min read

There’s Something “Phishy” about Certain Text Messages

Picture of Mark Bassingthwaighte, Risk Manager Mark Bassingthwaighte, Risk Manager : Nov 20, 2019

For the sake of your clients, I hope you, and every other person who works at your firm, know full well what phishing attacks are and at least the...

Cybersecurity
Read More
Why You Must Immediately Report a Cyber Claim

2 min read

Why You Must Immediately Report a Cyber Claim

Picture of Stacey Smith Claims Manager Stacey Smith Claims Manager : Aug 21, 2018

It seems that every week, the news reports on yet another company that suffered a cyber breach. Law firms, even small firms, are not immune from...

Tales from the Claims Files Law Practice Management Cybersecurity
Read More