SlideShare uma empresa Scribd logo

Law Firm Cybersecurity: Practical Tips for Protecting Your Data

A
Accellis Technology Group

Learn what cyber security means for your law firm, your employees, and your bottom line. This presentation will provide a snapshot of the IT Security threats facing law firms today, as well as the knowledge and tools you can use to prevent them.

Tecnologia
1 de 30
Baixar para ler offline
LAW FIRM CYBERSECURITY PRACTICAL TIPS FOR PROTECTING YOUR DATA
In February, 2013, the FBI gave a keynote presentation on law firm security threats at LegalTech New York. In an article from Law Technology News, the special agent in charge of the FBI’s cyber operations in New York City is quoted as stating: “We have hundreds of law firms that we see increasingly being targeted by hackers. …We all understand that the cyber threat is our next great challenge. Cyber intrusions are all over the place, they’re dangerous, and they’re much more sophisticated” than they were just a few years ago.”
WHY ARE LAW FIRMS AT RISK?
REASONS LAW FIRMS REPRESENT A CYBER TARGET: • Many firms regularly maintain a tremendous amount of highly confidential information and information is the currency that cyber criminals trade in. • You may not be the primary target. Many attacks are of the command and control variety where the objective is to use your environment as a beachhead for a secondary attack. • Cyber criminals may be targeting YOUR CLIENT or ANOTHER FIRM and realize that you represent the means to get passed their existing infrastructure. • As an industry, we make for a very easy target.
The measures in place for many firms are very far behind those in other industries. But its not just about spending money. The Goldman Sachs data breach resulted in the discloser of 70+ million users accounts and over 7 million business accounts. Goldman Sachs spend over $250 million dollars A YEAR in cyber defense. It’s about the focus security gets all the way down to the end users. End users are the single weakest point in any network.
LEGAL INDUSTRY CYBER THREATS, RISKS AND ATTACKS
• For two straight years, more than two thirds of Cyber Espionage has featured Phishing as its primary means of attack • According to the Verizon 2015 DBIR, in 2014, users opened approximately 23% of inbound Phishing messages and 11% clicked on attachments. • Historically, Phishing has been the means to target individuals and not businesses. This however is also changing dramatically. • Enter “The Dyre Wolf”. This is a new campaign that utilizes the now popular Dyre, or Dyreza, malware directly targeting corporate banking accounts • This phishing and malware campaign leverages spear phishing, malware (initial infection via Upatre), social engineering, complex process injections, the Deep Web and even Distributed Denial of Service (DDoS) sprees to complete an attack Dyre wolf is a perfect example of how most defenses are still only as safe is the weakest employee. PHISHING / SOCIAL ENGINEERING ATTACKS
THE DYRE WOLF ATTACK • Not your typical malware campaign • Each attack cost companies $500,000 - $1.5 million • Uses targeted spear phishing emails, malware and social engineering
THE DYRE WOLF ATTACK Photo credit: IBM, 2015
THE DYRE WOLF ATTACK Photo credit: IBM, 2015
THE DYRE WOLF ATTACK Photo credit: IBM, 2015
THE DYRE WOLF ATTACK Photo credit: IBM, 2015
THE DYRE WOLF ATTACK Photo credit: IBM, 2015
THE DYRE WOLF ATTACK Photo credit: IBM, 2015
THE DYRE WOLF ATTACK
Dyre wolf is a perfect example of how most defenses are still only as safe is the weakest employee. Defending against Phishing attacks are largely centered on knowledge and training of the weakest link in your system – end users.
ACCIDENTS (AGAIN…USERS) • Accidental disclosure of confidential information is a substantial reason for a data breaches with over 60% being initiated by system administrators.  Read “Biggest Cyber Security Threat to Law Firms is Not What You Think” • Types of accidents often break down into 3 primary categories: 1) “D’oh!”: ever sent an email to a client and about .0009 seconds after hitting the send button, you realize you’ve sent information to the wrong recipient? DBIR reports this as being the single largest exposure point for data 2) “My Bad!”: According to the same DBIR reports, about 17% of the breach / disclosures are the result of users publishing nonpublic data to public servers. Sensitive client data does not belong on the Google! 3) “Oops!”: The last bucket of end user snafu’s is the insecure disposal of personal and medical data.
VULNERABILITIES… (WE DON’T NEED NO STINKIN’ PATCHES) • CVE’s, or common vulnerabilities and exposures, is a worldwide list of known system vulnerabilities that is published to any and all who want to use it. • Most companies performing vulnerability scans are leveraging this list to test a network for known weaknesses. Software and OS updates are leveraging this list to build fixes to vulnerabilities as fast as they are identified. • Which brings up an interesting point – the vast majority of breaches in 2014 were initiated through known CVE’s that were at least a year old. AT LEAST A YEAR OLD! • 97% of the known exploits were created with 10 CVE’s – ONLY 10! • But before you ask – the remaining exploits were created with 7 MILLION CVE’s. So you cannot simply look for the top 10 and call it a day.
THE LONG-CON • Ransomware has traditionally acted as a zero day attack; however, those same criminals are finding that a long, slow attack can yield even higher returns. • The next phase of ransom are will likely sit in an environment for months before initiating action • Possible scenarios now include server side attacks that can encrypt data moving to and from the server until the criminal feels they have sufficient amounts of data encrypted • They simply hold your and your data hostage in return for payment • No payment means they remove the encryption key and none of your systems will work until you do
THE INTERNET OF THINGS & BYOD (IT’S ONLY GOING TO GET MORE DIFFICULT…) • Dramatic increase in the number of internet connected devices that could lead to accidently exposure of confidential information. • Target proved this in spades • As you look at your environment from a security perspective, have you considered everything? • Traditional unmonitored vectors include fax machines and printers but, have you checked that new TV in the conference room? • What about that new iWatch?
GETTING IN FRONT OF THE PROBLEM.
• First things first - the firm, its partners and directors, all must agree that security is a priority. – First it needs to be a priority from the top down if the end users are to adjust their daily behavior to marry to security policies of the firm. – The senior most people in any organization are typically the least likely to be willing to adjust their behavior! • Any investments needed to properly build and maintain a security plan will require the people at the top to spend out of their own pocket. • Must be a permanent part of the business plan GETTING IN FRONT OF THE PROBLEM
STEP 1: PUT SOMEONE IN CHARGE OF CYBERSECURITY • Many organizations set a course for failure almost from the start by not establishing responsibility for one person or a team of people to manage this process. • Must also be responsible for moving the firm from compliance to security. These two are not the same thing. • Even an ISO27001 certified firm may not be secure – they simply have the policies and procedures in place for an effective security program
STEP 2: HAVE SOMETHING FOR THEM TO ENFORCE • Every firm should employ some form of a written security plan • There are 4 core controls within to a proper plan – Physical, Policy, Detective and Corrective • Key elements for a law firm security plan include: – Identification - Identify the data your firm maintains, establish its location and identify which information is most sensitive and in need of monitoring. – Encryption - Whether at rest or in transit, data should always be encrypted. – Remote Access / Authentication - What information will you allow access to from outside the building? – Password Policies - Will you be willing and able to implement a complex password policy that changes every 90 days? – Social Media Policy - Use at work? Can you use the same log in for Facebook as you can for your company PC?
STEP 2: HAVE SOMETHING FOR THEM TO ENFORCE (CONT.) • Key elements for a law firm security plan (con’t) – Physical Security - Are you planning to restrict building access? Can you track when people come and go? Are there cameras to track access to critical information? – Vendor Security - No one likes to do it but auditing your 3rd party vendors can be a critical piece to your security plan. – Breach Response Planning - Each plan should contain critical pieces such as client notification plans, plan for notifying authorities, documentation plans, and overall decision-making ability.
STEP 3: CREATE & MAINTAIN A PROPER DEFENSE / MONITORING ENVIRONMENT • Firewall with IDS or IPS - A firewall with intrusion detection (IDS) or intrusion prevention (IPS) is recommended for maximum protection against malicious traffic. • Spam Filter – The majority of viruses that get into networks are from email phishing attempts. • Patching - The greatest source of vulnerability comes from using software and application that are not properly patched (i.e. they lack the latest updates). • Mobile Device Management – Allows you to manage, secure and monitor your firm’s mobile devices in real time. • Encryption – Any device that can store sensitive information (i.e. phones, laptops, tablets) and is built to leave the building should be encrypted. • White Listing Systems – For advanced defensive environments. This system keeps anything that you do not designate from being installed anywhere on your network. • Logging Systems - Understanding where your data resides AND being able to establish patterns of users traffic can go a long way to knowing when something has gone wrong and you’ve been breached. Read: 5 Basic Cybersecurity Controls Every Firm MUST Have in Place
STEP 4: FORM A MILITIA • Create a security policy and turn your employees into your cyber militia • Employees represent one of your greatest defense opportunities, but they need to understand the importance of protecting your confidential data and the rules for keeping it safe. • Training - Over 23% of people open phishing messages and 11% click on attachments • Enforcement - It’s up to management to ensure that the policies and procedures are being followed – Look to test users with false phishing emails to see who opens them – Focus training on the types of campaigns that were most successful in your company
STEP 5: CONTINUAL MONITORING AND IMPROVEMENT • Continual assessment and validation is necessary to verify the effectiveness of your security efforts. – Many attacks happen from exploiting weaknesses in browsers, web applications, malicious websites, and other applications. – Vulnerability Scanning is the most a cost-effective way to protect your environment from unpatched exploits, new threats and hackers. • Penetration Testing - A penetration test provides a point-in-time snapshot of security gaps and should be done regularly to determine system vulnerabilities. • Security Assessment - Have a qualified third party review your network and identify potential business implications of security threats and how they can be remediated to improve compliance and longevity.
ADDITIONAL RESOURCES • 5 Basic Cybersecurity Controls Every Firm MUST Have in Place • My firm has been hacked, what do I do? • Which type of hackers represent the biggest threat to law firms? • Law Firm Cyber Security Threat Matrix [eBook] • Should Firms Restrict Access to Personal Email? • Law Firm Cyber Security: Protecting Your Client’s Data • What your Law Firm Needs to Know About IT Risk and Security Audits For further reading, visit our blog Legal Loudspeaker.
Discover how Accellis can help you stay in front of cybersecurity threats. Whether it’s a security assessment, penetration test, or compliance evaluation – our team of certified security experts can ensure you’re on the right track. SCHEDULE A FREE CONSULTATION Schedule a Consultation

Recomendados

Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationJacqueline Fick
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get InterestingIBM Security
 
Cyber Hygiene
Cyber HygieneCyber Hygiene
Cyber HygieneGAURAV. H .TANDON
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security9784
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 

Recomendados

Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationJacqueline Fick
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data ProtectionUthsoNandy
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get InterestingIBM Security
 
Cyber Hygiene
Cyber HygieneCyber Hygiene
Cyber HygieneGAURAV. H .TANDON
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security9784
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
Network security basics
Network security basicsNetwork security basics
Network security basicsSkillspire LLC
 
Cyber security mis
Cyber security misCyber security mis
Cyber security misAditya Singh Rana
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident ReportCommunity IT Innovators
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security ThreatsQuick Heal Technologies Ltd.
 
Personal Digital Hygiene
Personal Digital HygienePersonal Digital Hygiene
Personal Digital HygieneLars Hilse Global Thought Leader in #CyberSecurity, #CyberTerrorism, #CyberDefence, #CyberCrime
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central BanksCommunity Protection Forum
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsCovid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsArun Kannoth
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessAde Ismail Isnan
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer CrimesRaffa Learning Community
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionageMarie Elisabeth Gaup Moe
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudGGV Capital
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWPICPE
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber SecurityGTreasury
 
IT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckIT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckDon Gulling
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptxRishabhDwivedi70
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSPreetiDevidas
 

Mais conteúdo relacionado

Mais procurados

2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident ReportCommunity IT Innovators
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsCovid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsArun Kannoth
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer CrimesRaffa Learning Community
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Knowledge Group
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the CloudGGV Capital
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWPICPE
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber SecurityGTreasury
 
IT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckIT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckDon Gulling
 

Mais procurados (20)

Cyber security mis
Cyber security misCyber security mis
Cyber security mis
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer Privacy
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
Personal Digital Hygiene
Personal Digital HygienePersonal Digital Hygiene
Personal Digital Hygiene
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber Security
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central Banks
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 
Covid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber ThreatsCovid 19, How A Pandemic Situation Shapes Cyber Threats
Covid 19, How A Pandemic Situation Shapes Cyber Threats
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionage
 
Securing the Cloud
Securing the CloudSecuring the Cloud
Securing the Cloud
 
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at HomeWebinar - Cyber Hygiene: Stay Clean at Work and at Home
Webinar - Cyber Hygiene: Stay Clean at Work and at Home
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber Security
 
IT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckIT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide Deck
 

Semelhante a Law Firm Cybersecurity: Practical Tips for Protecting Your Data

Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptxRishabhDwivedi70
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSPreetiDevidas
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxMBRoman1
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptxjondon17
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptxPradeeshSAI
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAkshayKhade21
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptxjondon17
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial PlannersMichael O'Phelan
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdfKARANSINGHD
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptxWhy-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptxdhananjay80
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestJay McLaughlin
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end usersNetWatcher
 
How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers Precisely
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 

Semelhante a Law Firm Cybersecurity: Practical Tips for Protecting Your Data (20)

Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONSIMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
IMPACT OF REMOTE WORK:NEW THREATS AND SOLUTIONS
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptx
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial Planners
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptxWhy-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
 
BYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, WestBYOD: Device Control in the Wild, Wild, West
BYOD: Device Control in the Wild, Wild, West
 
Cyber security awareness for end users
Cyber security awareness for end usersCyber security awareness for end users
Cyber security awareness for end users
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers How US Cybersecurity Executive Order Impacts IBM i Customers
How US Cybersecurity Executive Order Impacts IBM i Customers
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 

Último

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Último (20)

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Law Firm Cybersecurity: Practical Tips for Protecting Your Data

  • 1. LAW FIRM CYBERSECURITY PRACTICAL TIPS FOR PROTECTING YOUR DATA
  • 2. In February, 2013, the FBI gave a keynote presentation on law firm security threats at LegalTech New York. In an article from Law Technology News, the special agent in charge of the FBI’s cyber operations in New York City is quoted as stating: “We have hundreds of law firms that we see increasingly being targeted by hackers. …We all understand that the cyber threat is our next great challenge. Cyber intrusions are all over the place, they’re dangerous, and they’re much more sophisticated” than they were just a few years ago.”
  • 3. WHY ARE LAW FIRMS AT RISK?
  • 4. REASONS LAW FIRMS REPRESENT A CYBER TARGET: • Many firms regularly maintain a tremendous amount of highly confidential information and information is the currency that cyber criminals trade in. • You may not be the primary target. Many attacks are of the command and control variety where the objective is to use your environment as a beachhead for a secondary attack. • Cyber criminals may be targeting YOUR CLIENT or ANOTHER FIRM and realize that you represent the means to get passed their existing infrastructure. • As an industry, we make for a very easy target.
  • 5. The measures in place for many firms are very far behind those in other industries. But its not just about spending money. The Goldman Sachs data breach resulted in the discloser of 70+ million users accounts and over 7 million business accounts. Goldman Sachs spend over $250 million dollars A YEAR in cyber defense. It’s about the focus security gets all the way down to the end users. End users are the single weakest point in any network.
  • 7. • For two straight years, more than two thirds of Cyber Espionage has featured Phishing as its primary means of attack • According to the Verizon 2015 DBIR, in 2014, users opened approximately 23% of inbound Phishing messages and 11% clicked on attachments. • Historically, Phishing has been the means to target individuals and not businesses. This however is also changing dramatically. • Enter “The Dyre Wolf”. This is a new campaign that utilizes the now popular Dyre, or Dyreza, malware directly targeting corporate banking accounts • This phishing and malware campaign leverages spear phishing, malware (initial infection via Upatre), social engineering, complex process injections, the Deep Web and even Distributed Denial of Service (DDoS) sprees to complete an attack Dyre wolf is a perfect example of how most defenses are still only as safe is the weakest employee. PHISHING / SOCIAL ENGINEERING ATTACKS
  • 8. THE DYRE WOLF ATTACK • Not your typical malware campaign • Each attack cost companies $500,000 - $1.5 million • Uses targeted spear phishing emails, malware and social engineering
  • 9. THE DYRE WOLF ATTACK Photo credit: IBM, 2015
  • 10. THE DYRE WOLF ATTACK Photo credit: IBM, 2015
  • 11. THE DYRE WOLF ATTACK Photo credit: IBM, 2015
  • 12. THE DYRE WOLF ATTACK Photo credit: IBM, 2015
  • 13. THE DYRE WOLF ATTACK Photo credit: IBM, 2015
  • 14. THE DYRE WOLF ATTACK Photo credit: IBM, 2015
  • 15. THE DYRE WOLF ATTACK
  • 16. Dyre wolf is a perfect example of how most defenses are still only as safe is the weakest employee. Defending against Phishing attacks are largely centered on knowledge and training of the weakest link in your system – end users.
  • 17. ACCIDENTS (AGAIN…USERS) • Accidental disclosure of confidential information is a substantial reason for a data breaches with over 60% being initiated by system administrators.  Read “Biggest Cyber Security Threat to Law Firms is Not What You Think” • Types of accidents often break down into 3 primary categories: 1) “D’oh!”: ever sent an email to a client and about .0009 seconds after hitting the send button, you realize you’ve sent information to the wrong recipient? DBIR reports this as being the single largest exposure point for data 2) “My Bad!”: According to the same DBIR reports, about 17% of the breach / disclosures are the result of users publishing nonpublic data to public servers. Sensitive client data does not belong on the Google! 3) “Oops!”: The last bucket of end user snafu’s is the insecure disposal of personal and medical data.
  • 18. VULNERABILITIES… (WE DON’T NEED NO STINKIN’ PATCHES) • CVE’s, or common vulnerabilities and exposures, is a worldwide list of known system vulnerabilities that is published to any and all who want to use it. • Most companies performing vulnerability scans are leveraging this list to test a network for known weaknesses. Software and OS updates are leveraging this list to build fixes to vulnerabilities as fast as they are identified. • Which brings up an interesting point – the vast majority of breaches in 2014 were initiated through known CVE’s that were at least a year old. AT LEAST A YEAR OLD! • 97% of the known exploits were created with 10 CVE’s – ONLY 10! • But before you ask – the remaining exploits were created with 7 MILLION CVE’s. So you cannot simply look for the top 10 and call it a day.
  • 19. THE LONG-CON • Ransomware has traditionally acted as a zero day attack; however, those same criminals are finding that a long, slow attack can yield even higher returns. • The next phase of ransom are will likely sit in an environment for months before initiating action • Possible scenarios now include server side attacks that can encrypt data moving to and from the server until the criminal feels they have sufficient amounts of data encrypted • They simply hold your and your data hostage in return for payment • No payment means they remove the encryption key and none of your systems will work until you do
  • 20. THE INTERNET OF THINGS & BYOD (IT’S ONLY GOING TO GET MORE DIFFICULT…) • Dramatic increase in the number of internet connected devices that could lead to accidently exposure of confidential information. • Target proved this in spades • As you look at your environment from a security perspective, have you considered everything? • Traditional unmonitored vectors include fax machines and printers but, have you checked that new TV in the conference room? • What about that new iWatch?
  • 21. GETTING IN FRONT OF THE PROBLEM.
  • 22. • First things first - the firm, its partners and directors, all must agree that security is a priority. – First it needs to be a priority from the top down if the end users are to adjust their daily behavior to marry to security policies of the firm. – The senior most people in any organization are typically the least likely to be willing to adjust their behavior! • Any investments needed to properly build and maintain a security plan will require the people at the top to spend out of their own pocket. • Must be a permanent part of the business plan GETTING IN FRONT OF THE PROBLEM
  • 23. STEP 1: PUT SOMEONE IN CHARGE OF CYBERSECURITY • Many organizations set a course for failure almost from the start by not establishing responsibility for one person or a team of people to manage this process. • Must also be responsible for moving the firm from compliance to security. These two are not the same thing. • Even an ISO27001 certified firm may not be secure – they simply have the policies and procedures in place for an effective security program
  • 24. STEP 2: HAVE SOMETHING FOR THEM TO ENFORCE • Every firm should employ some form of a written security plan • There are 4 core controls within to a proper plan – Physical, Policy, Detective and Corrective • Key elements for a law firm security plan include: – Identification - Identify the data your firm maintains, establish its location and identify which information is most sensitive and in need of monitoring. – Encryption - Whether at rest or in transit, data should always be encrypted. – Remote Access / Authentication - What information will you allow access to from outside the building? – Password Policies - Will you be willing and able to implement a complex password policy that changes every 90 days? – Social Media Policy - Use at work? Can you use the same log in for Facebook as you can for your company PC?
  • 25. STEP 2: HAVE SOMETHING FOR THEM TO ENFORCE (CONT.) • Key elements for a law firm security plan (con’t) – Physical Security - Are you planning to restrict building access? Can you track when people come and go? Are there cameras to track access to critical information? – Vendor Security - No one likes to do it but auditing your 3rd party vendors can be a critical piece to your security plan. – Breach Response Planning - Each plan should contain critical pieces such as client notification plans, plan for notifying authorities, documentation plans, and overall decision-making ability.
  • 26. STEP 3: CREATE & MAINTAIN A PROPER DEFENSE / MONITORING ENVIRONMENT • Firewall with IDS or IPS - A firewall with intrusion detection (IDS) or intrusion prevention (IPS) is recommended for maximum protection against malicious traffic. • Spam Filter – The majority of viruses that get into networks are from email phishing attempts. • Patching - The greatest source of vulnerability comes from using software and application that are not properly patched (i.e. they lack the latest updates). • Mobile Device Management – Allows you to manage, secure and monitor your firm’s mobile devices in real time. • Encryption – Any device that can store sensitive information (i.e. phones, laptops, tablets) and is built to leave the building should be encrypted. • White Listing Systems – For advanced defensive environments. This system keeps anything that you do not designate from being installed anywhere on your network. • Logging Systems - Understanding where your data resides AND being able to establish patterns of users traffic can go a long way to knowing when something has gone wrong and you’ve been breached. Read: 5 Basic Cybersecurity Controls Every Firm MUST Have in Place
  • 27. STEP 4: FORM A MILITIA • Create a security policy and turn your employees into your cyber militia • Employees represent one of your greatest defense opportunities, but they need to understand the importance of protecting your confidential data and the rules for keeping it safe. • Training - Over 23% of people open phishing messages and 11% click on attachments • Enforcement - It’s up to management to ensure that the policies and procedures are being followed – Look to test users with false phishing emails to see who opens them – Focus training on the types of campaigns that were most successful in your company
  • 28. STEP 5: CONTINUAL MONITORING AND IMPROVEMENT • Continual assessment and validation is necessary to verify the effectiveness of your security efforts. – Many attacks happen from exploiting weaknesses in browsers, web applications, malicious websites, and other applications. – Vulnerability Scanning is the most a cost-effective way to protect your environment from unpatched exploits, new threats and hackers. • Penetration Testing - A penetration test provides a point-in-time snapshot of security gaps and should be done regularly to determine system vulnerabilities. • Security Assessment - Have a qualified third party review your network and identify potential business implications of security threats and how they can be remediated to improve compliance and longevity.
  • 29. ADDITIONAL RESOURCES • 5 Basic Cybersecurity Controls Every Firm MUST Have in Place • My firm has been hacked, what do I do? • Which type of hackers represent the biggest threat to law firms? • Law Firm Cyber Security Threat Matrix [eBook] • Should Firms Restrict Access to Personal Email? • Law Firm Cyber Security: Protecting Your Client’s Data • What your Law Firm Needs to Know About IT Risk and Security Audits For further reading, visit our blog Legal Loudspeaker.
  • 30. Discover how Accellis can help you stay in front of cybersecurity threats. Whether it’s a security assessment, penetration test, or compliance evaluation – our team of certified security experts can ensure you’re on the right track. SCHEDULE A FREE CONSULTATION Schedule a Consultation