10 ways law firms can make life difficult for hackers

Taylor Armerding | May 19, 2016
Law firms can be particularly vulnerable, since court filings are public record. An attacker can easily get the name of the attorney of record and, using his or her name, send a phishing email with a malicious attachment that purports to be an updated complaint from that attorney.

But the National Institute of Standards and Technology (NIST) has small business standards that can amount to self-certification, Simek said. It allows firms to “assess their infrastructure, and whether they have any weaknesses and whether the assistance of a third-party is needed.”

8. Have clear, effective restrictions on remote access and mobile devices

This can be complicated, Parker said, because “different practice areas at the same firm sometimes can operate as discrete businesses and it can be hard to mitigate cyber risk. Partners also may opt out of certain cybersecurity protocols.”

This is an area where it is crucial to have a CIO or other executive who oversees and enforces data security, privacy and information governance, including remote access and BYOD.

9. Set systems to capture log data, for forensic purposes if a breach occurs

Simek said the biggest problem in responding to a breach is a lack of log data. “Nobody had the foresight to configure their devices or their systems to capture information on an ongoing basis. That’s a killer for the investigations.”

10. Share threat information

According to the Journal, law firms last year formed an information-sharing group to exchange information about cyberthreats and other vulnerabilities. It is modeled after a similar organization for financial institutions.

Bill Nelson, CEO of the Financial Services Information Sharing and Analysis Center, which oversees the legal group, said 75 firms have joined the group so far.

 
