
SlideShare Friday: Why Law Firms are at Cybersecurity Risk


Law firms “may not be the primary target” of cybersecurity attacks, according to a compelling presentation published online by Accellis Technology, a certified LexisNexis consultant, titled: Law Firm Cybersecurity: Practical Tips for Protecting Your Data.

The presentation is this week’s Friday Share and is embedded nearby.

Firms are at risk because they maintain a “tremendous amount of highly confidential information and information.” The group calls this information “currency” in the trade of stolen information.

Security, Investment and End Users

The Accellis team says hardening law firm security requires more than just money.  It points to a prominent investment bank that invested more than a quarter million dollars each year, and still experienced a breach where millions of user and business accounts were exposed.

Why? “End users are the single weakest point in any network,” according to the presentation, which points to phishing schemes and social engineering:

  • Phishing schemes usually come in the form of malicious emails encouraging readers to click a link that installs malware behind the firewall. These scams have become increasingly sophisticated in an effort to create the appearance they are from trusted sources. One legal malpractice insurance carrier explained a common scheme to which small law firms are especially vulnerable here: A Tricky Email Scam and Avoiding Law Firm Malpractice.
  • “Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures,” according to Search Security by TechTarget. In other words, it’s a convincing phone call to law firm staff in an effort to elicit revealing information to aid a breach.

The Accellis presentation also describes a “Dyre Wolf” attack, which is a complex synchronization of multiple techniques like those described above.

3 Common End User Mistakes

The experts at Accellis also describe three common mistakes end users make, which is useful for law firms to understand in assessing vulnerabilities.  Those mistakes are as follows:

1. “D’oh!”: Ever sent an email to a client and about .0009 seconds after hitting the send button, you realize you’ve sent information to the wrong recipient? DBIR reports this as being the single largest exposure point for data.

2. “My Bad!”: According to the same DBIR reports, about 17% of the breach / disclosures are the result of users publishing nonpublic data to public servers. Sensitive client data does not belong on the Google!

3. “Oops!”: The last bucket of end user snafus is the insecure disposal of personal and medical data.

The complete presentation includes five recommendations for law firms “to get in front of the problem,” beginning with putting someone in charge of cybersecurity.


Photo credit:  Accellis Technology: Law Firm Cybersecurity


About Frank Strong

Frank Strong is the communications director for the LexisNexis software division located on NC State’s Centennial Campus in Raleigh. In this capacity, he leads communications efforts in support of software products for law practice and law department management and also litigation tools – across large law, small law and corporate counsel segments. With more than 15 years of experience in the high-tech sector, Strong previously served as director of public relations for Vocus, which developed marketing, PR and media monitoring software. He has held multiple roles both in-house with corporations, ranging from startups to global organizations, and has also endured the rigors of billable hours, having completed gigs at PR firms including the top 10 global firm Hill & Knowlton. A veteran of two year-long deployments, Strong has concurrently served in uniform in reserve components of the military for more than 20 years, initially as an enlisted Marine and later as an infantry officer in the Army National Guard. Strong holds a BA in Film and TV production from Worcester State University, an M.A. in Public Communication from American University, and an M.B.A. from Marymount University. He is a PADI-certified Master Scuba Diver and holds a USPA "B" skydiving license.