Written by: Richard Brzakala
Background
“Law firm hacked by cyber criminals,” is probably one of the worst
headlines imaginable for any law firm in today’s highly competitive
marketplace. Cyber criminals are extremely well funded, sophisticated,
and tenacious. Over the past decade, law firms have become
increasingly attractive targets for numerous nefarious organizations
looking to steal any type of confidential information that has economic
value.
While many corporations and private companies have been
implementing safeguards and strengthening their technology defenses,
law firms have, unfortunately, been laggards in the marketplace. All too
often, firms of all sizes have been blissfully apathetic to either
understanding or wanting to understand the information security risks
and threats lurking in the marketplace.
This article examines cyber and information security as it relates
to the legal industry and provides strategic considerations for
law firms looking to deal with information security issues.
About the author: Richard Brzakala has
20 years of experience managing
external counsel at two of the largest
financial institutions in Canada. He has
provided leadership and global
oversight of enterprise legal
management strategies, including
alternative fee arrangements, cyber
security, sourcing and innovative law
firm performance benchmarks. He has
managed relationships with hundreds
of law firms across the globe and
developed innovative practices with
regards to in house legal management,
business outsourcing and competitive
RFP practices. He is recognized as a
market thought leader with regards to
LPM and law firm management. He
has consulted international companies
on convergence, cyber security, pricing
and sourcing strategies and written
numerous articles related to outside
counsel management practices and
matters. Disclaimer: The views
expressed here are solely those of the
author in his private capacity and do
not in any way represent the views of
the CIBC or RBC.
As we have seen in the past couple of years through media outlets and
press reports, many firms have paid the price for neglect and ignorance
as firms have increasingly been hacked by cyber criminals or have had
their confidential data compromised in some way. Governmental and
regulatory agencies across the globe have, for years, been sounding
the alarm for law firms to become more vigilant and invest in technology
tools and risk management strategies that can help a firm safeguard its
confidential client information.
If you are a firm concerned about cybersecurity measures and your
firm’s preparedness to defend against cybersecurity breaches, consider
implementing some of the following best practices that will help
safeguard your confidential information.
Cyber Security Is About Managing Risk
For a firm to truly protect itself and its client information from being
compromised, it must understand that cybersecurity and information
security are not just about the technology tools. Too often, a firm’s initial
response to cyber threats is to look to the market to see what is
available to update their antivirus software or some other type of
solution that the firm assumes will cover them for all sorts of risk and
cyber issues. Unfortunately, this is not the best approach.
It’s not “if,” but “when” a cyber attack will happen.
The best approach for a law firm seeking to tackle cybersecurity is to
step back and assess its current state of information technology
preparedness and work with IT cyber experts to develop a
comprehensive cyber risk strategy that not only leverages the best
available tools to protect a firm but aligns the information security
strategy with a firm’s business goals. Firms should approach the
establishment of a cybersecurity strategy from the perspective that it is
not a matter of “if” a cyber attack or security event will happen but
“when” it will happen. Firms should also consider whether they are
adequately prepared to contain and respond to such events and, if need
be, manage the repercussions of any fallout due to an event or breach.
Therefore, cybersecurity is not just about ensuring that your firm has the
proper technology in place to mitigate against breaches, viruses, or
other security threats. A successful comprehensive cyber strategy is
based on understanding the many different risks that exist in the
marketplace and within a firm as well as the changing nature of risk and
the need to stay vigilant, mitigate, and adapt to the changes of risk.
In recent years, government agencies and regulatory bodies have
stepped up to try to provide the legal community with recommendations
and assistance on managing information security. The Canadian Bar
Association (CBA) and American Bar Association (ABA) have published
a variety of information security documents aimed at assisting law firms
with implementing greater information control and security measures.
Corporations are looking for cyber savvy firms
Increasingly, corporate clients are looking to their law firms for
documented proof of how a firm manages its confidential information
and the preventive measures that a firm has in place to mitigate against
threats and cyber risks. Firms looking to implement cyber strategies
should also consider including containerization procedures that detail
how a firm would isolate things such as computer viruses or other data
threats to stop them from spreading through a firm’s network if a breach
or security incident were to occur. Clients are also looking for post-
incident management plans detailing how a firm will deal with
notification protocol, communication and response times, escalation
procedures, and restoration plans for lost data.
If your corporate client hasn’t asked you to provide them with a cyber or
information security strategy, chances are pretty good that they will in
the near future, or they may assume that you already have a
comprehensive information security strategy in place. What you don’t
want to have happen (aside from being hacked and compromised) is to
have to explain to a client that you have absolutely nothing in place.
In short, for the sake of your relationship you should be prepared to
answer your clients in a positive way and provide them with adequate
documentation to back it up.
For many sophisticated corporate clients, such as big banks, it is no
longer acceptable for a law firm to be blissfully IT illiterate. The
expectations from clients are high. How you manage the information
that a client shares with your firm speaks volumes about your
commitment to that relationship and how you value your reputation and
that of your clients. Today, firms have to be all things to all clients, and
the answer can never be “I don’t know” or “It’s not important or cost
effective to our firm.” Clients consider their information and that of their
clients to be sacrosanct, and there is an increased expectation that
firms will do everything they can to maintain the confidentiality of
information entrusted to them.
Financial Institutions (FIs) see information security as table stakes
Some FIs, such as the Canadian Imperial Bank of Commerce (CIBC),
have been at the forefront of managing external counsel and
information security when it comes to law firms. In 2015, the CIBC
implemented a global comprehensive information security policy for all
of its 250 law firms. The policy included a comprehensive list of
information security requirements and principles that its panel of law
firms are required to comply with to represent the CIBC on any of its
matters. The CIBC saw a gap in its firms and developed a unique
standardized approach with which all of its firms must comply. The
CIBC was the first institution in Canada to launch such a
comprehensive and extensive initiative with its approved counsel. In
effect, the CIBC made cybersecurity basic table stakes for its panel of
firms.
Insurance companies represent another example of an industry that
adopted information security requirements and changes in the way they
deal with law firm clients.
Insurance companies have started to factor the cost of law firm
damages and claims attributable to cyber and information security
matters into their premiums. Consequently, insurance carriers have
included cybersecurity damage coverage in their policies for items such
as damaged software, hardware, lost information and data, and even
lost law firm revenue. In some instances, large insurance carriers have
based the costs of their premiums on the level of a firm’s cyber
preparedness and have offered well-prepared firms (with a low risk
profile) discounts on their annual insurance premiums.
The last thing clients (and law firms) want is for a data breach to occur
that has an adverse impact on their reputation or that of their clients. If
your firm is looking to implement an information security strategy,
consider calculating and understanding the cost of any lost business
should you be exposed to a cyber event. How much of an insurance
claim would you need to make to carry on or reestablish your firm’s
business in the post-cyber-event period? Aligning cybersecurity to a
firm’s business strategy and goals is critical.
Information security and RFPs
Large companies that are increasingly looking to source legal work want
to partner with firms that share their beliefs on safeguarding client
information and the importance of cybersecurity preparedness. To that
effect, corporate clients have amended their request for proposal (RFP)
procedures to include requirements in regard to cybersecurity and
managing information security risk.
Once upon a time, corporate clients referred to information security only
as a casual reference in their RFPs. There were few, if any, onerous
demands or requirements placed on firms when it came to safeguarding
a client’s information. In the past, RFPs would only ask that a firm use
its “best efforts” when safeguarding a client’s information.
Today, many RFPs include specific references to a client’s risk and
reputation policy, confidentiality, records management and destruction,
communication, and third-party vendor policies. In addition,
sophisticated buyers of legal services will also include a dedicated
information security section outlining numerous prescriptive IT
requirements and expectations regarding how clients expect their
information to be protected, as well as mandatory incident reporting
requirements. Firms are also finding that client RFPs and the
cybersecurity requirements referenced in the RFPs are now requiring
never-before-seen responsibility on the part of the firm for any third-
party vendors that a prospective law firm may utilize in the course of
acting for a potential client. How a law firm responds to the information
requirements in a RFP from a potential client is as important as the
firm’s pricing proposal or the depth of legal expertise the firm has to
offer and may make the difference in a competitive bid process.
Many lawyers are information technology neophytes
Perhaps another reason that firms have been reluctant to move
progressively in embracing cybersecurity is because they are obviously
made up, principally, of lawyers and not techies. Lawyers will argue that
they went to law school, not to an IT institute, and that they are not paid
to know all of the nuances of the latest information security practices or
gadgetry in the marketplace. Quite honestly, when lawyers view
cybersecurity and the detailed requirements thereof, it is like a foreign
language to them. Consequently, most lawyers are neophytes when it
comes to technology. They may know how to use a Blackberry or tablet,
but they haven’t a clue about its inner workings, nor do they need to
know. That is why firms should seek out trusted IT experts and
consultants who can conduct thorough assessments based on
international standards (ISO27001) and make recommendations on
how a firm can improve its cybersecurity capabilities. It is worth the
investment to have firm employees who are trained in the latest
information security practices and who know how to manage a firm’s
confidential information.
Some firms have even begun to cleverly leverage their cyber
credentials and preparedness for marketing purposes to attract new and
larger corporate clients. Other firms have tried to leverage their
cybersecurity preparedness or certification by trying to negotiate lower
insurance premiums from their carriers.
Law firms cannot afford to be in denial
Over the course of my career in managing external counsel, I have
spoken to many firms and discovered that there exists a wide gap in
cybersecurity preparedness and information security literacy.
The education gap ranges from extremely impressive, adequately
prepared tech savvy firms to poor, inadequately prepared and,
sometimes, unapologetically indifferent firms. Some of the firms in the
latter group have yet to see a compelling business need to invest in
cybersecurity preparedness. The mantra coming from this constituency
is usually the same: we are a small firm in a small town and we don’t
need to worry about cybersecurity; the type of legal work we do doesn’t
require cybersecurity practices; we have never had any information
security incidents; who would want to hack our firm?
Quite simply, smaller firms don’t see themselves as a prime target for
international cyber criminals and, therefore, feel less compelled (than
big law firms) to invest capital and resources in something that (in their
minds) has never happened to date, and that is highly unlikely to ever
happen. They are probably right that a cyber hacker in a foreign country
is highly unlikely to want to infiltrate the computers of a small law firm
in North Dakota or Saskatchewan. It’s important to
point out, however, that cyber hackers are only one of the cyber threats
facing firms today.
Core components of a cybersecurity strategy
At its core, a cybersecurity strategy should include the following
elements:
• email encryption
• a formalized information security policy for all law firm employees
• annual cybersecurity awareness training for employees
• an incident management process
• annual testing of computers
• antivirus safeguards
• proper backup and storage of client information
• strong passwords that expire
The strategic importance of cyber and information security to a law firm
cannot be overstated. As innovation continues to change technology,
and as users change how they use business tools and adopt new
business processes, how information security is managed in the midst
of all of that change and flux is crucial.
Other Information Security Threats
Aside from cyber criminals, firms need to be cognizant of other security
threats such as computer viruses, malware, phishing attacks, identity
theft, and even rogue employees looking to electronically steal
information or money. All of these threats pose a significant risk to firms
regardless of size, client base, or location and underscore the
importance of why a firm should invest its resources and capital in a
cybersecurity strategy.
In addition, firms should never make the risky assumption that they are
immune to security issues simply because they have never had an
incident and assume, therefore, that they do not need to invest in a
cyber strategy or security tools. This premise begs the question: how do
you know whether you have been targeted or, for that matter,
compromised if your firm doesn’t have the security measures to monitor
and identify external and internal intruders? If assumptions are to be
made, they should be based on facts as well as quantifiable and
measurable data. A firm may have malicious spy software embedded
into its IT infrastructure, or a rogue employee downloading and stealing
information without the firm even knowing it, so making such claims
may be irresponsible and risky.
People are the biggest threat
I recall that a law firm once questioned the need for implementing any
cyber and information security requirements. Their argument was that
they were (again) a small firm of ten lawyers with six assistants and that
all of their employees were loyal and had been with the firm for at least
ten years, with some having been with the firm as long as twenty years.
The firm emphasized the trust and loyalty factor and that they had never
had an information security incident. Unfortunately, this type of logic is
flawed as described in the preceding paragraph.
Most cybersecurity experts will argue that people are, in fact, one of the
biggest security risks in a security chain. If employees are not
adequately trained and updated on the latest cybersecurity practices,
then they become the weakest link and a liability for an organization as
the most at-risk personnel are often uninformed, innocent, and unaware
employees who may compromise a firm in many costly ways, and not
the cyber hacker in a foreign locale.
IT Professionals and Cyber Consultants
For a firm to understand whether its operations and procedures are
deficient or unprotected from nefarious elements and cyber risk, it
should engage the right internal and external stakeholders. Regardless
of a firm’s size, someone, be it an office manager at a small firm or a
CFO at a larger firm, should be entrusted and dedicated to managing
and overseeing that the proper information security practices and tools
are deployed at a firm.
However, not every firm can afford to hire a full-time IT person. Instead,
most small- to middle-sized firms now contract these services to IT
providers who have the adequate background and knowledge to assist
office managers with implementing basic cybersecurity measures.
Ultimately, in today’s highly competitive legal marketplace, doing
nothing in terms of cybersecurity for a law firm is not an option and may,
ultimately, adversely affect the viability of a firm’s business model.
Social Media Tools
The legal marketplace has become increasingly competitive with the
introduction of new service delivery models, technology tools, and the
delivery of legal services. Social media tools such as LinkedIn and
Twitter are the latest examples of what the legal marketplace is using to
communicate, or to buy and sell, legal services.
Just as the proliferation of social media presents opportunities for law
firms, it also presents challenges as firms must learn to adapt their
existing business procedures to adhere to new technology tools and
weigh the risks involved in deploying new technology or changing
business practices.
Firms should not assume that, because their employees appear to be IT
savvy, they are automatically cybersecurity savvy. This could not be
further from the truth as many data breaches at firms occur because of
cyber criminals exploiting ignorant employees who are not familiar with
proper cybersecurity protocols.
Bring your own devices (BYOD), virtual deal/transaction rooms, chat
rooms, mobile and media devices, cloud computing, document
processing, and storage facilities are just some of the examples of
social media tools that present various information security challenges
for firms, their employees, and clients.
Clients have increasingly looked to firms to have information security
governance policies in place governing social media. With the
proliferation of social media devices at law firms, all law firm employees
should be aware and trained on the risks associated with social media
devices and social networking tools and the type of law firm data that
can be disclosed online when using social media.
Lastly, the legal marketplace has undergone a confluence between
practice innovation and the delivery of legal services and IT tools. With
all of the advantages that technology has brought clients, there comes
risk and the obligation on the part of law firms to manage the changing
face of risk wherever that risk resides. Ultimately, there is no room to be
a cyber laggard when it comes to cybersecurity, as clients are
increasingly demanding it and law firms cannot afford to dismiss it any
longer.
Copyright © 2016 by Richard Brzakala. This article may be reprinted provided that
the author's byline, bio, and copyright notice are retained in their entirety.

For digital media companies, effective cybersecurity programs a must
 
Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - DubaiAftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
 
Cyber Security and Data Protection
Cyber Security and Data ProtectionCyber Security and Data Protection
Cyber Security and Data Protection
 
Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015Cyber Security Privacy Brochure 2015
Cyber Security Privacy Brochure 2015
 
Untitled document.otd
Untitled document.otdUntitled document.otd
Untitled document.otd
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessible
 
Trends 121415 Citizens Bank
Trends 121415 Citizens BankTrends 121415 Citizens Bank
Trends 121415 Citizens Bank
 
Maintain data privacy during software development
Maintain data privacy during software developmentMaintain data privacy during software development
Maintain data privacy during software development
 
Cyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceCyber Security for the Small Business Experience
Cyber Security for the Small Business Experience
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1...
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 
CIOReview
CIOReviewCIOReview
CIOReview
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 
Choosing the Right Cybersecurity Services: A Guide for Businesses
Choosing the Right Cybersecurity Services: A Guide for BusinessesChoosing the Right Cybersecurity Services: A Guide for Businesses
Choosing the Right Cybersecurity Services: A Guide for Businesses
 
How to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdfHow to Start a Cyber Security Business.pdf
How to Start a Cyber Security Business.pdf
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Safeguarding Your Law Firm Against Cyber Threats
Safeguarding Your Law Firm Against Cyber ThreatsSafeguarding Your Law Firm Against Cyber Threats
Safeguarding Your Law Firm Against Cyber Threats
 

Dernier

Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeMelvinPernez2
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
Presentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal pointPresentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal pointMohdYousuf40
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection  of Human Rights (Discuss Transparen...Good Governance Practices for protection  of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfDrNiteshSaraswat
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791BlayneRush1
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 

Dernier (20)

Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil Code
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession:  A HistoryJohn Hustaix - The Legal Profession:  A History
John Hustaix - The Legal Profession: A History
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
Presentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal pointPresentation1.pptx on sedition is a good legal point
Presentation1.pptx on sedition is a good legal point
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection  of Human Rights (Discuss Transparen...Good Governance Practices for protection  of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdf
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 

Law Firm Hacked by Cyber Criminals

Written by: Richard Brzakala

Background

“Law firm hacked by cyber criminals,” is probably one of the worst headlines imaginable for any law firm in today’s highly competitive marketplace. Cyber criminals are extremely well funded, sophisticated, and tenacious. Over the past decade, law firms have become increasingly attractive targets for numerous nefarious organizations looking to steal any type of confidential information that has economic value.

While many corporations and private companies have been implementing safeguards and strengthening their technology defenses, law firms have, unfortunately, been laggards in the marketplace. All too often, firms of all sizes have been blissfully apathetic to either understanding or wanting to understand the information security risks and threats lurking in the marketplace.

This article examines cyber and information security as it relates to the legal industry and provides strategic considerations for law firms looking to deal with information security issues.

About the author: Richard Brzakala has 20 years of experience managing external counsel at two of the largest financial institutions in Canada. He has provided leadership and global oversight of enterprise legal management strategies, including alternative fee arrangements, cyber security, sourcing and innovative law firm performance benchmarks. He has managed relationships with hundreds of law firms across the globe and developed innovative practices with regards to in house legal management, business outsourcing and competitive RFP practices. He is recognized as a market thought leader with regards to LPM and law firm management. He has consulted international companies on convergence, cyber security, pricing and sourcing strategies and written numerous articles related to outside counsel management practices and matters.

Disclaimer: The views expressed here are solely those of the author in his private capacity and do not in any way represent the views of the CIBC or RBC.

As we have seen in the past couple of years through media outlets and press reports, many firms have paid the price for neglect and ignorance as firms have increasingly been hacked by cyber criminals or have had their confidential data compromised in some way. Governmental and regulatory agencies across the globe have, for years, been sounding the alarm for law firms to become more vigilant and invest in technology tools and risk management strategies that can help a firm safeguard its confidential client information.

If you are a firm concerned about cybersecurity measures and your firm’s preparedness to defend against cybersecurity breaches, consider implementing some of the following best practices that will help safeguard your confidential information.

Cyber Security Is About Managing Risk

For a firm to truly protect itself and its client information from being compromised, it must understand that cybersecurity and information security are not just about the technology tools. Too often, a firm’s initial response to cyber threats is to look to the market to see what is available to update their antivirus software or some other type of solution that the firm assumes will cover them for all sorts of risk and cyber issues. Unfortunately, this is not the best approach.

It’s not “if,” but “when” a cyber attack will happen.

The best approach for a law firm seeking to tackle cybersecurity is to step back and assess its current state of information technology preparedness and work with IT cyber experts to develop a comprehensive cyber risk strategy that not only leverages the best available tools to protect a firm but aligns the information security strategy with a firm’s business goals. Firms should approach the establishment of a cybersecurity strategy from the perspective that it is not a matter of “if” a cyber attack or security event will happen but “when” it will happen. Firms should also consider whether they are adequately prepared to contain and respond to such events and, if need be, manage the repercussions of any fallout due to an event or breach.

Cyber-security is about mitigating risk. It’s not a question of “if” but “when” a cyber attack will happen.

Therefore, cybersecurity is not just about ensuring that your firm has the proper technology in place to mitigate against breaches, viruses, or other security threats. A successful comprehensive cyber strategy is based on understanding the many different risks that exist in the marketplace and within a firm as well as the changing nature of risk and the need to stay vigilant, mitigate, and adapt to the changes of risk.

In recent years, government agencies and regulatory bodies have stepped up to try to provide the legal community with recommendations and assistance on managing information security. The Canadian Bar Association (CBA) and American Bar Association (ABA) have published a variety of information security documents aimed at assisting law firms with implementing greater information control and security measures.

Corporations are looking for cyber savvy firms

Increasingly, corporate clients are looking to their law firms for documented proof of how a firm manages its confidential information and the preventive measures that a firm has in place to mitigate against threats and cyber risks. Firms looking to implement cyber strategies should also consider including containerization procedures that detail how a firm would isolate things such as computer viruses or other data threats to stop them from spreading through a firm’s network if a breach or security incident were to occur. Clients are also looking for post-incident management plans detailing how a firm will deal with notification protocol, communication and response times, escalation procedures, and restoration plans for lost data.

If your corporate client hasn’t asked you to provide them with a cyber or information security strategy, chances are pretty good that they will in the near future, or they may assume that you already have a comprehensive information security strategy in place. What you don’t want to have happen (aside from being hacked and compromised) is to have to explain to a client that you have absolutely nothing in place. In short, for the sake of your relationship you should be prepared to answer your clients in a positive way and provide them with adequate documentation to back it up.

For many sophisticated corporate clients, such as big banks, it is no longer acceptable for a law firm to be blissfully IT illiterate. The expectations from clients are high. How you manage the information that a client shares with your firm speaks volumes about your commitment to that relationship and how you value your reputation and that of your clients. Today, firms have to be all things to all clients, and the answer can never be “I don’t know” or “It’s not important or cost effective to our firm.” Clients consider their information and that of their clients to be sacrosanct, and there is an increased expectation that firms will do everything they can to maintain the confidentiality of information entrusted to them.

Corporate clients consider their information and that of their clients to be sacrosanct.

Financial Institutions (FIs) see information security as table stakes

Some FIs, such as the Canadian Imperial Bank of Commerce (CIBC), have been at the forefront of managing external counsel and information security when it comes to law firms. In 2015, the CIBC implemented a global comprehensive information security policy for all of its 250 law firms. The policy included a comprehensive list of information security requirements and principles that its panel of law firms are required to comply with to represent the CIBC on any of its matters. The CIBC saw a gap in its firms and developed a unique standardized approach with which all of its firms must comply. The CIBC was the first institution in Canada to launch such a comprehensive and extensive initiative with its approved counsel. In effect, the CIBC made cybersecurity basic table stakes for its panel of firms.

Insurance companies represent another example of an industry that adopted information security requirements and changes in the way they deal with law firm clients. Insurance companies have started to factor the cost of law firm damages and claims attributable to cyber and information security matters into their premiums. Consequently, insurance carriers have included cybersecurity damage coverage in their policies for items such as damaged software, hardware, lost information and data, and even lost law firm revenue. In some instances, large insurance carriers have based the costs of their premiums on the level of a firm’s cyber preparedness and have offered well-prepared firms (with a low risk profile) discounts on their annual insurance premiums.

The last thing clients (and law firms) want is for a data breach to occur that has an adverse impact on their reputation or that of their clients. If your firm is looking to implement an information security strategy, consider calculating and understanding the cost of any lost business should you be exposed to a cyber event. How much of an insurance claim would you need to make to carry on or reestablish your firm’s business in the post-cyber-event period? Aligning cybersecurity to a firm’s business strategy and goals is critical.

Some FIs consider cyber security to be table stakes.

Information security and RFPs

Large companies that are increasingly looking to source legal work want to partner with firms that share their beliefs on safeguarding client information and the importance of cybersecurity preparedness. To that effect, corporate clients have amended their request for proposal (RFP) procedures to include requirements in regard to cybersecurity and managing information security risk.

Once upon a time, corporate clients referred to information security only as a casual reference in their RFPs. There were few, if any, onerous demands or requirements placed on firms when it came to safeguarding a client’s information. In the past, RFPs would only ask that a firm use its “best efforts” when safeguarding a client’s information. Today, many RFPs include specific references to a client’s risk and reputation policy, confidentiality, records management and destruction, communication, and third-party vendor policies. In addition, sophisticated buyers of legal services will also include a dedicated information security section outlining numerous prescriptive IT requirements and expectations regarding how clients expect their information to be protected, as well as mandatory incident reporting requirements.

Firms are also finding that client RFPs and the cybersecurity requirements referenced in the RFPs are now requiring never-before-seen responsibility on the part of the firm for any third-party vendors that a prospective law firm may utilize in the course of acting for a potential client. How a law firm responds to the information requirements in an RFP from a potential client is as important as the firm’s pricing proposal or the depth of legal expertise the firm has to offer and may make the difference in a competitive bid process.

Many lawyers are information technology neophytes

Perhaps another reason that firms have been reluctant to move progressively in embracing cybersecurity is because they are obviously made up, principally, of lawyers and not techies. Lawyers will argue that they went to law school, not to an IT institute, and that they are not paid to know all of the nuances of the latest information security practices or gadgetry in the marketplace. Quite honestly, when lawyers view cybersecurity and the detailed requirements thereof, it is like a foreign language to them. Consequently, most lawyers are neophytes when it comes to technology. They may know how to use a Blackberry or tablet, but they haven’t a clue about its inner workings, nor do they need to know.

That is why firms should seek out trusted IT experts and consultants who can conduct thorough assessments based on international standards (ISO27001) and make recommendations on how a firm can improve its cybersecurity capabilities. It is worth the investment to have firm employees who are trained in the latest information security practices and who know how to manage a firm’s confidential information.

Some firms have even begun to cleverly leverage their cyber credentials and preparedness for marketing purposes to attract new and larger corporate clients. Other firms have tried to leverage their cybersecurity preparedness or certification by trying to negotiate lower insurance premiums from their carriers.

Law firms cannot continue to be IT neophytes.

Law firms cannot afford to be in denial

Over the course of my career in managing external counsel, I have spoken to many firms and discovered that there exists a wide gap in cybersecurity preparedness and information security literacy.
  • 6. 6 The education gap ranges from extremely impressive, adequately prepared tech savvy firms to poor, inadequately prepared and, sometimes, unapologetically indifferent firms. Some of the firms in the latter group have yet to see a compelling business need to invest in cybersecurity preparedness. The mantra coming from this constituency is usually the same; we are a small firm in a small town and we don’t need to worry about cybersecurity; the type of legal work we do doesn’t require cybersecurity practices; we have never had any information security incidents; who would want to hack our firm? Quite simply, smaller firms don’t see themselves as a prime target for international cyber criminals and, therefore, feel less compelled (than big law firms) to invest capital and resources in something that (in their minds) has never happened to date, and that is highly unlikely to ever happen. They are probably right that the likelihood of a cyber hacker in a foreign country wanting to infiltrate the computers of a small law firm in North Dakota or Saskatchewan is highly unlikely. It’s important to point out, however, that cyber hackers are only one of the cyber threats facing firms today. Core components of a cybersecurity strategy At its core, a cybersecurity strategy should include the following elements: • email encryption • a formalized information security policy for all law firm employees • annual cybersecurity awareness training for employees • an incident management process • annual testing of computers • antivirus safeguards • proper backup and storage of client information • strong passwords that expire The strategic importance of cyber and information security to a law firm cannot be understated. As innovation continues to change technology, and the utilization of business tools by users change and they adopt new business processes, the relevance and importance of how information security is managed in the midst of all of that change and flux is crucial. 
Other Information Security Threats Aside from cyber criminals, firms need to be cognizant of other security threats such as computer viruses, malware, phishing attacks, identity theft, and even rogue employees looking to electronically steal information or money. All of these threats pose a significant risk to firms regardless of size, client base, or location and underscore the There is a plethora of cyber threats…always present and always changing.
  • 7. 7 importance of why a firm should invest its resources and capital in a cybersecurity strategy. In addition, firms should never make the risky assumption that they are immune to security issues simply because that have never had an incident and assume, therefore, that they do not need to invest in a cyber strategy or security tools. This premise begs the question: how do you know whether you have been targeted or, for that matter, compromised if your firm doesn’t have the security measures to monitor and identify external and internal intruders? If assumptions are to be made, they should be based on facts as well as quantifiable and measurable data. A firm may have malicious spy software embedded into its IT infrastructure, or a rogue employee downloading and stealing information without the firm even knowing it, so making such claims may be irresponsible and risky. People are the biggest threat I recall that a law firm once questioned the need for implementing any cyber and information security requirements. Their argument was that they were (again) a small firm of ten lawyers with six assistants and that all of their employees were loyal and had been with the firm for at least ten years, with some having been with the firm as long as twenty years. The firm emphasized the trust and loyalty factor and that they had never had an information security incident. Unfortunately, this type of logic is flawed as described in the preceding paragraph. Most cybersecurity experts will argue that people are, in fact, one of the biggest security risks in a security chain. If employees are not adequately trained and updated on the latest cybersecurity practices, then they become the weakest link and a liability for an organization as the most at-risk personnel are often uninformed, innocent, and unaware employees who may compromise a firm in many costly ways, and not the cyber hacker in a foreign locale. 
IT Professionals and Cyber Consultants

For a firm to understand whether its operations and procedures are deficient or unprotected from nefarious elements and cyber risk, it should engage the right internal and external stakeholders. Regardless of a firm’s size, someone, be it an office manager at a small firm or a CFO at a larger firm, should be entrusted and dedicated to managing and overseeing that the proper information security practices and tools are deployed at a firm. However, not every firm can afford to hire a full-time IT person. Instead, most small- to middle-sized firms now contract these services to IT providers who have the adequate background and knowledge to assist office managers with implementing basic cybersecurity measures. Ultimately, in today’s highly competitive legal marketplace, doing nothing in terms of cybersecurity for a law firm is not an option and may, ultimately, adversely affect the viability of a firm’s business model.

Training all employees on cyber security practices is crucial …otherwise they are a firm’s weakest link.

Social Media Tools

The legal marketplace has become increasingly competitive with the introduction of new service delivery models, technology tools, and the delivery of legal services. Social media tools such as LinkedIn and Twitter are the latest examples of what the legal marketplace is using to communicate, or to buy and sell, legal services. Just as the proliferation of social media presents opportunities for law firms, it also presents challenges as firms must learn to adapt their existing business procedures to adhere to new technology tools and weigh the risks involved in deploying new technology or changing business practices.

Firms should not assume that, because their employees appear to be IT savvy, they are automatically cybersecurity savvy. This could not be further from the truth as many data breaches at firms occur because of cyber criminals exploiting ignorant employees who are not familiar with proper cybersecurity protocols. Bring your own devices (BYOD), virtual deal/transaction rooms, chat rooms, mobile and media devices, cloud computing, document processing, and storage facilities are just some of the examples of social media tools that present various information security challenges for firms, their employees, and clients. Clients have increasingly looked to firms to have information security governance policies in place governing social media.
With the proliferation of social media devices at law firms, all law firm employees should be aware of and trained on the risks associated with social media devices and social networking tools and the type of law firm data that can be disclosed online when using social media.

Lastly, the legal marketplace has undergone a confluence between practice innovation and the delivery of legal services and IT tools. With all of the advantages that technology has brought clients, there comes risk and the obligation on the part of law firms to manage the changing face of risk wherever that risk resides. Ultimately, there is no room to be a cyber laggard when it comes to cybersecurity, as clients are increasingly demanding it and law firms cannot afford to dismiss it any longer.

Copyright © 2016 by Richard Brzakala. This article may be reprinted provided that the author's byline, bio, and copyright notice are retained in their entirety.