As your practice management advisors, we want to ensure you are aware that on April 8th, Microsoft retired support for its XP operating system. Does this mean that Microsoft XP computers will shut down overnight? Absolutely not. But it does mean that Microsoft will no longer release security updates or offer technical support for this OS.
Your firm can be held liable for using the wrong software
Another big concern is how this may affect a law firm from a liability standpoint.
This article from the New York Law Journal best explains the possible repercussions for a law firm that remains on XP.
If you have any questions, please contact us.
Below are some important snippets from the article.
"...there will be no further technical support from Microsoft and no more security updates...ever. That should be a particular concern, since the combination of a widely used 13-year-old operating system and an older version of commonly used office software going out of support on the same day is basically a dream come true for hackers."
"Unfortunately, hackers aren't stupid. Those with effective attacks against Windows XP will wait until after April 8 to use them so that Microsoft will never patch the system to defend against them. The sheer number of XP users (even after the end-of-life date passes) and vulnerability of the OS make it an extremely attractive target for organized crime and other cyber criminals going forward. Numerous commentators - as well as Microsoft itself - anticipate a spike in malware attacks against XP just after April 8th. The issue here is not whether Windows XP and Office 2003 will still work at 12:01 on April 9 (they will). It's whether they will be so insecure that it would be foolish for an attorney or law office to keep using either of them (they will)."
"The Model Rules of Professional Conduct were updated in 2012 specifically to address the effect of technology upon the legal profession. Those changes are readily applicable to this situation.
The language in Comment 8 to Rule 1.1 (Competence) has been amended to emphasize a duty for attorneys to stay up-to-date on technical matters pertaining to the practice of law: "[A] lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology..." Model Rules of Professional Conduct rule 1.1, cmt. 8 (2014) (emphasis added).
Paragraph (c) of Rule 1.6 (Confidentiality of Information) states:
(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
Model Rules of Professional Conduct rule 1.6 (2014)."
"Comment 18 to Rule 1.6 relates to the need for a lawyer to "act competently" to prevent the disclosure of "information relating to the representation of a client." It offers a safe harbor provision and factors to determine the reasonableness of an attorney's conduct in protecting the information at issue: Factors to be considered in determining the reasonableness of the lawyer's efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer's ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).
Model Rules of Professional Conduct rule 1.6, cmt. 18 (2014)."
"In addition to the Model Rules, using unsupported Windows XP or Office 2003 software after April 8 will not comply with security requirements under the Health Insurance Portability and Accountability Act (HIPAA) (see 45 C.F.R. §164.306(e) (2014)) and other applicable statutes, much less the strict data breach disclosure requirements and potentially significant fines under state and federal laws. Doing so would also provide an effective basis for a colorable legal malpractice claim. For any attorney or law firm suffering a data breach while continuing to use Windows XP, it will be difficult to make a straight-faced argument in court that it was reasonable to safeguard client data with well-known outdated software that the software developer very publicly announced would no longer receive any further support or security updates."
"If you are still using Windows XP, time is running very short. There are numerous steps needed to set up a new system, migrate data, etc. The amount of time it will take depends on the size and complexity of the network at issue; but don't delay - a large network could take well over a year to completely migrate to a new operating system. With the end-of-life date rapidly approaching, the Windows XP operating system and any software running on it should have no place in any law office. If your firm is still using it and isn't at least well into the migration process to Windows 7 or 8.1 by now, the situation needs to be addressed immediately."