Sign up for our free newsletter.
Question: Cyber-attacks are on the rise, and our firm is very concerned that client confidentiality may be compromised. What are some of the short-term and long-term tactics we can implement to minimize this risk?
Robert Baumgarten: “Unwilling Zombie Pawns of the Ne’er-Do-Wells.” The battlefield upon which we engage cyber intruders has shifted from the server rooms and data centers to the space occupied between the desktop and the chair—to the attorneys, paralegals and administrative assistants. Law firm IT professionals already understand what weapons are available to prevent the onslaught of cyber intrusions—from the basics of patching and application whitelisting to dozens of more sophisticated mitigation strategies. Ask and they will tell what they need, as well as the cost and the benefit of action or the danger of inaction.
They’ll also confess the cold, dark reality that no firm, client, corporation or country is impervious to attack.
We must utilize some of the same strategies employed by our adversaries if we are to persevere. Initiate a persistent, targeted and ever-evolving campaign of end-user awareness—a steady drip, drip, drip of security-minded information, ranging from emerging threats to developing scams, to constant reminders of the dos and don’ts, and real-world examples of things that go bump in the night—so that when they see something, your end-users will say something because they recognize the threat for what it is. By constantly feeding your users bite-sized pieces of awareness, eventually you create a formidable army that is part of the solution—and not the unwilling zombie pawns of the ne’er-do-wells.
Robert J. Baumgarten is the CIO at Shulman, Rogers, Gandal, Pordy & Ecker in Potomac, MD, and has more than 20 years of experience in cyber-security issues facing law firms. He is the father of four, a former Marine, and an avid sailor.
Elias Montoya: “The biggest threat is your own internal users.” With more firms vying to go paperless, more client data resides on our computer networks. Along with the great benefits of digitizing client documents comes the increased risk of unauthorized access to that data. IT network policies that align with sound risk management should be the basis of network security practices. However, even the toughest measures meant to keep intruders out are not good enough.
The biggest immediate threat is your own internal users. Their lack of knowledge, combined with the ingenuity of hackers, makes them the primary target of cyber-crimes. Investing time and resources in educating attorneys and support staff, in conjunction with sound policies, is the best way to minimize such risks. Educate people on the importance of security, why policy exists and the consequences of not abiding by such policies. They should know the ultimate goal of these policies is to protect the firm and the client’s data, which everyone has an obligation to protect.
Social networks are big threats to system security. Just like emails before them, hackers and cyber-criminals are now exploiting the social networks, and law firms should be taking note. Malicious links abound on the social media sites, and user accounts are hacked regularly.
The use of smartphones with third-party email access, along with seamless integration with social media—such as Facebook integration with the contacts management apps on smartphones and tablets—presents risk. Imagine someone from your firm writing a confidential email and mistakenly sending it to the wrong person, or worse, to a social network. When that happens, that information is integrated into the social media servers, where it should never reside. Even worse, it can be posted, exposing information publicly.
In this evolving “bring your own device” era, policies and control measures should be reviewed to minimize a data breach.
Elias Montoya is Technology Director at the Miami-based Abadin Cook, where he oversees and manages the firm’s IT operations as well as litigation support services. He was the main architect of the firm’s paperless workflow system, making Abadin Cook one of the first paperless law firms in South Florida.
John Sroka: “It’s no secret, since late 2009 the FBI has been warning law firms about noticeable increases in cyber-attacks.” Hackers consider law firms soft targets with a high concentration of critical, private information. This was reinforced again in January at LegalTech New York by an FBI security expert. Firms’ needs and security requirements will vary. However, there are basic defenses that should be employed by all.
John J. Sroka is CIO at Duane, Morris LLP, overseeing all aspects of technology-related initiatives, including practice support, Web development, help desk, training, telecommunications and network services. In 2007, John was named “IT Director of the Year” by Law Technology News’ 5th Annual Law Technology News Awards.
George Theochares: “When ’60 Minutes’ is knocking on your door, it’s too late.” Recently Secretary of Defense Leon Panetta warned in a speech at Georgetown University that “a hostile country could attack America by computer: a 21st century Pearl Harbor.” Cyber security is no joke, so make it a priority and use a commonsense approach to prevention.
Will there be hoops to jump through? Will they make it harder to access data? Well, yes. It’s a trade-off and a business decision. The bottom line: If it’s important to you, it’s likely important to someone else. Protect your interests.
George Theochares is the IT Director for Campbell Campbell Edwards and Conroy, with more than 17 years of experience in the legal profession and another 25-plus years in information technology and security.
Stephen Wilder: “Four Key Areas of Risk from Cyber-Attacks.” When addressing risk it is often easiest to think of it in terms of four categories: (1) Avoidance, (2) Mitigation, (3) Management and (4) Transfer. With respect to cyber-attacks, risk avoidance is basically an impossibility. Therefore, firms need to focus on the other three areas:
Stephen G. Wilder is the Manager, Professional Liability Division, at M.G. Welbel & Associates, Inc., in Northbrook, IL. He is presenting on “Cyber-Attacks: The Liability Risks to Your Firm” at the 2013 ALA Annual Conference on April 16 in National Harbor, MD.
Rob Wilson: “You have an ethical responsibility to keep confidential information confidential.” With the increasing sophistication of cyber-attacks, law firms need to make sure the proper technologies are in place to circumvent security breaches. Some guidance:
Awareness is the first step in protecting your firm from outside attacks and keeping your clients information safe and confidential.
Robin (Rob) Wilson is an Information Technology Manager at Wolcott Rivers Gates. He has more than 15 Years of experience with the installation, maintenance and administration of Novell and Microsoft networks.
No, not every law firm has a full-time administrator or professional management to guide them. Send us your questions via email, or use the comment section below, and we’ll pass them on to the experts at the Association of Legal Administrators. Watch for the best ones here in “Ask the Experts.”
The Association of Legal Administrators—Where you can find the resources, network and knowledge to run a successful law practice.
»Attend the ALA Annual Conference & Exposition, April 14-17, National Harbor, MD.
»Quality Attorney Leads. Reach Prospects Online. 10 Free Leads.
»Cloud-based practice management software: Free 30-day trial!
»Learn more about the easiest way to get paid.
»Simplify your practice with legal practice management in the cloud.
»Lawyernomics 2013: Generate more business online. Early bird deadline Feb. 28.
Sign up for our free newsletter.
Advice on letting go from Heidi Alexander, Sheila Blackford, Natalie Kelly, Lee Rosen and Sharon Nelson & John Simek.April 19, 2019 0 2 0