If you're thinking that the inexorable movement of information management (e.g. lawyer work) into a cloud-based delivery system means that technologists will somehow find a way to solve the problems of hacking, cybertheft, and viruses, think again. Human nature in the future will still be human nature, even if encroached upon by artificial intelligence.
So, staying on top of your professional obligation to protect your own and your clients' information in an environment and with tools foreign to your own expertise will be an ongoing challenge. For that reason, several other jurisdictions have recently amended their rules of professional conduct to add an explicit rule requiring lawyers to maintain appropriate tech competence. The trick is knowing what constitutes a "reasonable effort" to protect confidential information in the face of constantly evolving security threats and the tech tools to counteract them. For example, do you have the latest state-of-the-art plug-in free information rights management (IRM)? Do you need it? Just asking.
The State Bar's 21st Century Practice Task Force will be considering the MRPC rule change proposal as part of its broader charge; your input on the details of any change in the rules is welcome.
Meanwhile, the threat today is real. It's almost become a cliche -- there are two kinds of law firms: those who already know they've been hacked, and those who don't know they've already been hacked. Here are two timely pieces: How to Encrypt Data on Your Mac in a Few Simple Steps, from Law Technology Today, and a primer on cyber insurance from the Minnesota State Bar Association.