
10 ways law firms can make life difficult for hackers

Taylor Armerding | May 19, 2016

Rebecca Hughes Parker, managing editor of The Law Report Group

Peter Zeughauser, chairman of the Zeughauser Group, a consultancy to large law firms, said that whether it is alerts from the FBI, concerns expressed by clients or news of hacks, “there is a higher level of concern” about cyber attacks.

In the case of ransomware, even if the goal is simply to collect money rather than use the confidential data, it is generally very troubling to clients, according to Parker.

“It can cost the firm a great deal of money to handle, and can be costly to its reputation,” she said.

The obvious response to all this is to improve cyber defenses. While no technology is entirely bulletproof, experts have said for years that better “security hygiene” can take organizations out of the “low-hanging-fruit” category.

Peter Zeughauser, chairman, the Zeughauser Group

And while, as Brown put it, “there is no ‘answer-in-a-box,’ since each law firm has its own risk profile,” there are still a number of general principles that will lower any firm’s risk profile. The following recommendations come from Brown, Parker, Zeughauser and a Q&A by CSLR with John Simek, vice president and co-founder of Sensei Enterprises.

1. More/better employee training

As has been said numerous times, people are the weakest link in the security chain. And that weakness is being exploited more effectively by criminals who have become much more sophisticated with phishing emails.

“People are the problem,” Simek told CSLR. “All the technology in the world is not going to prevent an attack.”

Law firms can be particularly vulnerable, since court filings are public record. An attacker can easily get the name of the attorney of record and, using his or her name, send a phishing email with a malicious attachment that purports to be an updated complaint from that attorney.

Yes, training consumes what could otherwise be billable hours, but dealing with ransomware or a major breach is vastly more expensive.

2. Keep backups disconnected from the network and the Internet

With the explosive rise of ransomware, backups should be mandatory. But they will do no good if backup drives are connected to the network, since that will allow malware to infect them as well.

3. Install all patches and updates

Patches do exactly what the name implies – patch a “hole” in the software that is vulnerable to an attack. Virtually all of them are free, so the only thing they cost is attention and time – time very well spent. Failing to patch known vulnerabilities is a bit like leaving the door open and the files unlocked at night.

 
