Protecting your digital life, not just your digital assets: a reflection on how our digital and analogue lives have become meshed and how this has impacted the world of estate planning.

As our digital life has evolved, so have cyber threats. Cyber security is now a key concern in estate planning, evolving to embrace the management of a person’s digital life in the event of their disability, incapacity or death. What would be the impact on you or your family if you lost access to any of your digital assets (records or accounts), devices or business systems on which you or your business depend?

The first era – legal practice in the late 20th Century

In the mid-1980s, my family’s law practice embraced the Apple Macintosh, a technology choice that endures today, albeit with a grudging acceptance of Windows-based systems in many areas of practice operations.

Personal Computers (PCs) were still seen as devices to accelerate clerical functions in an office. The first application of a computer in Hooton & Perkins was to create and manage a database of our safe custody and archive records.

Replacing our ageing electronic typewriters with Apple Macintosh computers and Microsoft Word software was the work of the latter half of the 1980s, accelerated by the introduction of laser printers.
The idea of computers being connected outside the office environment was fanciful until email arrived in the 1990s.

The Internet burst out of the University and Government sectors but was seen as a separate place you went to through the agency of a whistling analogue modem. Digital communication lines were expensive and rare in Australia. It is interesting to reflect on the Tech Wreck of the early 2000s and the amount of work we were asking ISDN lines to do.

The enduring memories of this era are:
1. We were still in a largely analogue world,
2. We controlled access to devices largely by managing where they were located and who had access to those places.
3. Digital security was achieved by using offline backups and sending backup tapes to an offsite location.
4. Office file servers had minimal exposure to external users.
5. Remote networking was very restricted. The Law Foundation broke useful ground with its First Class Law platform. The businesses that drive the legal profession strongly resisted establishing common system infrastructure to streamline the practice of law.
6. Encryption and virus protection of devices were steadily evolving.
7. Security was a matter of locking stuff up.
8. Breaches of security were most often inside jobs or examples of poor work discipline.

The early 21st Century – the practice of law evolves quickly

  • Online document assembly and research services evolve.
  • Online document management systems become available to small- to medium-sized law firms in the early 21st Century.
  • Email becomes pervasive and steadily replaces formal physical letters for the bulk of professional correspondence.
  • The evolution of document assembly and workflow management remains largely in the hands of large law firms.
  • Practice Management systems evolve to be cloud-based and not just local server-based.
  • “The Cloud” evolves and continues breaking down the hardware hegemony of the Apple v. Microsoft v. Unix hardware-defined world of the last 35 years or so.
  • The capital cost of creating a law firm drops as cloud-based practice management systems evolve and the cost of PCs drops.
  • Most law firms remain driven by their human capital rather than their technology.

Who would have thought when the iPhone was launched it would evolve to being a pivotal device to assist in the operation of our lives? How would we have coped during the pandemic without our iPhones, iPads and similar devices?

  • Online digital storage services become a fact of life.
  • USB sticks became a pervasive data storage and transfer device.
  • The loss of a physical device became a major organizational security risk.
  • Our idea of digital assets shifted. Initially just the offline record of a business operation or communication event, we started thinking in terms of online accounts, data and business systems.
  • Digital security shifted from the local device to the online system or service to which a business was connected.

The greatest weakness in organizational digital security remained human behaviour.
Virus protection, encryption and password management become the usual tools for cyber security in small to medium law firms.

2023 – a reality check

The idea of an inventory of a person’s digital assets is now commonplace in trust and estate practice. The Society of Trust and Estate Practitioners (STEP) Digital Assets Special Interest Group provides a useful guide to understanding your digital assets, why they are important and how to plan your digital legacy.

With the advent of the online version of Microsoft Office, we are used to our firm’s data storage now being part of an online service such as Office 365 and Dropbox.

We have faith in the online security wrapped around the online services and accounts which now help drive our business.

Online business systems and associated coding are now seen as practice assets.

Organisational dependency on the technology that drives the business or firm is increasing.

A person’s access to controlled government and financial services is increasingly by that person’s authenticated digital persona.

Identity fraud is on the rise.

Cyber-attacks are on the rise. “Traitors” are those who compromise organisational security.

Ransomware is being regularly deployed.

Humans remain the Achilles heel of security arrangements for organisations, people and families alike.

Estate Planning is evolving to embrace planning for the management of a person’s digital life in the event of their disability, incapacity or death.

Responsibility for device security is now part of the role of an attorney, trustee or executor. The idea of what a client’s significant assets are has expanded to include their digital and not just their analogue life.

A key question in our estate planning conversations is:

“What would be the impact on you or your family if you lost access to any of your digital assets (records or accounts), devices or business systems on which you or your business depend”.

Some concluding thoughts

Human behaviour remains the most compelling security risk in managing our digital life. We cannot rely on technology alone.

Whilst perimeter security around people, devices and resources remains important, planning for coping with the loss of a key asset or resource is escalating in importance for small to medium-sized businesses and families.

Protection from external threats is being complemented by a focus on protection from internal human threats.

Risk mitigation needs people to plan how they will bounce back from the loss of a key asset. This is why cyber resilience is such a crucial element of dealing with your digital life as you work out:
1. How do you plan to bounce back from the loss of a key asset?
2. What do you care about?

Just building walls around assets is no longer a sufficient planning response. And if the asset is of sufficient significance, working out the asset concerned is handed over to successors is an expanding part of our work.

The STEP Digital Inventory is a useful resource to start working out how significant a person’s digital life actually is. Once that is understood, creating strategies for the conservation, administration, governance of, and succession to, the digital asset can then occur.

These issues are typically canvassed in our estate situation review service, the first phase of our estate planning engagement.

As our digital lives evolve, our clients’ cyber resilience in an estate planning context needs ongoing review. For support exploring and evaluating how these issues affect you, your family or business, contact us.