This document outlines the cybersecurity risks faced by law firms and the steps they should take to protect themselves and their clients. It discusses how law firms are vulnerable targets due to weaknesses in their security protocols. A security assessment is recommended to identify vulnerabilities, followed by continuous monitoring to maintain protection. Establishing attorney-client privilege for communications and properly structuring the role of outside agents are also covered. The presentation aims to educate law firms on cybersecurity best practices.

1. Scott B. Suhy
CEO
NetWatcher.com
scott.suhy@netwatcher.com
CYBER SECURITY FOR LAW FIRMS
What steps your firm should take to
protect against a cyber attack
Steve Britt
Partner
Berenzweig Leonard
sbritt@berenzweiglaw.com
Steve Rutkovitz
CEO
Choice Cyber Security
steve@choicecybersecurity.com

2. Agenda
•Why law firms are vulnerable to cyber attack
•What are lawyer's ethical duties
•The value of privilege & how to obtain it
•The value of the security assessment
•The value of continuous security monitoring
•Q&A
2

3. 3
Why law firms are
vulnerable to exploitation

4. • Wiley Rein hacking in 2012
• Cravath, Swain & Moore + Weil Gotshal & Manges hacked in 2015
• Fenwick & West has been hacked twice
• The 2015 ABA Law Firm Survey of 90,000 respondents reported;
• 25% of firms with at least 100 attorneys have a breach,
• 15% of all firms have had a breach
• 34% of 100 law firms have had clients request a security audit
• Large clients routinely send security due diligence questionnaires
• Most common types of breaches: Loss or theft of laptops, thumb
drives, smart phones or tablets, spear phishing and
employees/third parties using unauthorized hardware and software
(Evernote/Google Drive)
Current Data Breach Landscape

5. • Their organization’s protection
level is usually weaker than their
corporate counterparts
(customers)
• Law firms rarely report a
breach…
According to the 2015 ABA Legal Technology Survey
Report, 15 percent of overall firms and 25 percent of law
firms with at least 100 attorneys have experienced a
breach, yet almost half of attorneys say their firms have
no data breach response plan in place. (more here).
Bottom-line:
Law firms are great targets
for cybercriminals

6. Confidential details of offshore accounts for 12
world leaders & 128 public officials.
11.5 million confidential documents and 2.6
terabytes of data were stolen.
The firm’s customer facing WordPress website
was running an outdated/vulnerable version of a
plugin called ‘Revolution Slider’ that enabled a
hacker to exploit a well known bug and gain
access to its mail servers hosted on the same IP
network.
The exploit was well known to the hacker
community and published back in October 2014
however the plugin was never updated
Case Study: Mossack Fonseca
The Panama Papers
We have hundreds of law firms that we see increasingly
being targeted by hackers.”– Mary Galligan, the special
agent in charge of cyber and special operations for the
FBI’s New York Office.

7. Hacktivist
Puckett & Faraj, a Washington-area firm, was hacked
by activists associated with the group Anonymous,
who were angered by the firm’s representation of a
U.S. soldier who pleaded guilty in connection with his
role in the death of 24 Iraqi civilians. (more)
Cyberespionage
Gipson Hoffman & Pancione, based in Los Angeles,
was hacked because of a software piracy lawsuit it
filed against the Chinese government. (more)
Financial Gain
A broker named “Oleras” living in Ukraine was
detected attempting to hire hackers to break into
firms’ computer systems so he could trade on insider
information at Flashpoint, a New York threat
intelligence firm. (more)
Insider Trading
Hackers broke into the computer networks at some of
the country’s most prestigious law firms (including
Cravath Swaine & Moore LLP and Weil Gotshal &
Manges LLP). Federal investigators are exploring
whether they stole confidential information for the
purpose of insider trading, according to people
familiar with the matter. (more)
Why?

8. • The American Bar
Association Model Rules of
Professional Conduct, requires law
firms to protect client information
(Model Rule 1.1, 1.4 & 1.6)
• 47 states also have Data Breach
Notification Laws. Listed here.
• There are also sector specific
requirements – HIPAA, PCI-DSS…
It is your responsibility to protect
your client’s data!

9. • The ABA Commission on Ethics
20/20 added new amendments and
comments
• “Lawyers must keep abreast of
benefits and risks of technology”
• “Lawyers must take reasonable
steps to prevent inadvertent or
unauthorized disclosure or
unauthorized access to client
information.”
• 19 states now have laws dealing
with electronic and paper record
disposal
Your firm’s reputation is all it has.
You never want to have to put out a release like this:
“Last summer, the Firm identified a limited breach of its IT systems.
We have worked closely with law enforcement authorities who have
jurisdiction over this matter, and we are not aware that any of the
information that may have been accessed has been used
improperly. Upon identifying the incident we immediately
supplemented our IT security measures with the assistance of
additional outside security consultants. Client confidentiality is
sacrosanct. We continually invest in state-of-the-art systems and
procedures and work with clients and security firms to assess the
strength of our protections. We will continue to work to ensure our
systems are best in class.”
– Cravath, Swaine & Moore LLP

10. • ACP protects communications between clients and their
lawyers in a confidential setting that relate to legal advice
and do not further a crime or fraud, as long as the privilege
has not been waived
• This privilege is subject to several constraints
• It doesn’t apply based on the parties mutual agreement
• In most cases it will not apply to agents of the client unless the
agent is necessary to transmit the privileged communication
(e.g., translators)
• Lawyer-agents CAN be subject to the attorney-client privilege if
the agent is assisting the lawyer in providing legal advice
(United States v. Kovel, 296 F2d. 918 (2nd Cir. 1961)
The Value of Attorney Client
Privilege

11. • Here are the best practices to demonstrate the necessity
of an agent’s role in legal advice;
• Lawyer should document the need for agent's assistance
and how it will be used
• Agent should work under the lawyer's direction – not the
client’s
• Lawyer should incorporate the agent’s work into the
lawyer’s legal advice, rather than simply forwarding the
agent’s work, and
• Lawyer should document how he or she used agents work
in its advice
A Lawyer-Agent’s Role

12. 12
The value of the
security assessment

13. • Most of the industry is “Winging it”
• No Comprehensive Approach
• Lack of a Controlled Framework
• No Structured Solution
Lack of Structure

14. End to End Solution
The Choice Cybersecurity Approach:
• Assess with a Gap Analysis
• Address vulnerabilities with
a multi layered approach
• Maintain an acceptable level
of risk through continuous
monitoring and scanning

15. Risk Assessment
• In order to move from Protection to
Detection you must identify your
assets
• Questions to ask:
• What is important to your firm?
• What are you trying to protect?
• What are your threats?
• How would a breach affect your
firm?
• How would you respond to a
breach of confidentiality?

16. Data Assets
• Data can be anywhere
• Cloud
• Mobile
• Servers
• Workstations
• Phones
• Tablets
• Laptops

17. What is Sensitive Data?
1. Social Security Numbers
2. Credit Cards
3. Date of Birth
4. Driver’s License
5. Passport
6. IP Address
7. Digital Identity

18. Failed Assessment Example
• 666,732 Files Scanned
• 2,162 Suspected Incidents Found
• 327 Files with Suspect Data
• $888,600 Liability

19. 2 Parts of the Risk Assessment
• Identify Vulnerabilities
• Software
• Hardware
• Firewall
• Sensitive Data

20. Executive Summary

21. 21
The value of
continuous monitoring

22. Antivirus doesn’t work all
that well anymore…
“Crypting Service”
Example: http://execrypt.com
“This is an automatic online service ExeCrypt
which can help you to obfuscate binary data. Our
service is indispensable tool to get secure your
program content form curious researchers and
prevent detection by antivirus programs.”
Follow Gartner for EP Protection Platforms
Protect the Endpoint…

23. • Firewall
• Unified Threat
Management
• Next Generation Firewall
• Managed Firewall
• Intrusion Protection
System (IPS)
Great, but not enough…
Firewall - Protect the Front Door!

24. • Malware Exploit!!!
• Clicking on Phishing messages
and bad links
• Running outdated software with
security vulnerabilities (Flash,
Java, Windows…)
• Downloading risky software
(TOR, BitTorrent, Telnet,
Android apps…)
• Going to explicit websites
• Sending info over the internet in
clear text
Continuous Monitoring – Know when
someone lets the bad guy through the
front door….

25. • Tools used for pen testing are
widely available for anyone to
leverage (metasploit, nmap,
openvas etc..) all great but can
be used against you too..
• https://showdan.io
Continuous Monitoring – Know when
a bad actor is inside your network…

26. • Security hygiene
• Lack of rigorous policy &
plans
• Lack effective monitoring
What’s the Issue?

27. • Command & Control Malware
• Ransomware
• Spyware
Continuous Monitoring – Know when
you are being exploited!

28. • Managed Security Service
• Easy to install
• Easy to use
• Accurate
• Affordable
• For as low as $299 a month
Continuous Monitoring – Know your
score!

29. 29
Q&A

30. Thank You
Scott B. Suhy
CEO
NetWatcher.com
scott.suhy@netwatcher.com
Steve Britt
Partner
Berenzweig Leonard
sbritt@berenzweiglaw.com
Steve Rutkovitz
CEO
Choice Cyber Security
steve@choicecybersecurity.com