Hacker Defense: How to Make Your Law Firm a Harder Target


A LexisNexis® White Paper

Highlights

• Criminals and state-sponsored attackers are targeting intellectual property, client information and avenues for business disruption.

• It is up to law firms, which are attractive targets for hackers, to protect both themselves and their clients with security measures that keep up with increasing risk.

• IT security policy needs to intelligently define who has access to which resources, and clearly outline and enforce the consequences of violations.

• Other best practices include using strong passwords that are changed on a regular schedule.

• To further keep the trust of clients and colleagues, legal professionals should be particularly wary of potentially compromising email attachments and other material received from unfamiliar or untested sources.

Introduction

In security, you are only as strong as your weakest link. A 2012 report of an FBI investigation[1] suggested that a company’s weakest link might be its law firm. Every law firm keeps valuable and sensitive information on each of its clients—information that hackers would love to obtain. And that makes the firm an attractive target.[2]

It is up to law firms to protect both themselves and their clients with security measures that keep up with increasing risk. The firm can’t risk losing the trust of its clients. Here are some important ways that individual lawyers, and their firms, can improve the security of the information entrusted to them.

Choose Strong Passwords

Even though hackers can now employ powerful software to try to crack computer passwords, many times they don’t need to; they can simply guess. That’s because even in our high-tech world, most people still choose lousy passwords. For years, “password” has been far and away the most popular choice,[3] with “123456” holding a close second in rankings. Even lawyers can’t feel too superior to the average person: in 2012, for example, a large law firm was hacked, partly due to its password policy in which login credentials were simply “law321”,[4] preceded by the user’s initials. That’s not much better. To get an idea of how tough your password is, it’s worth testing it.[5]
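For IT staff, one way to screen a password when it is set, so that choices like the ones described above are refused. This is an added example, not part of the original white paper; the deny list, the organisation words, the two length thresholds and the sample user "Jane Doe" are assumptions constructed for illustration.

```python
# Added example (not from the white paper): screen a password when it is set.

# Constructed sample deny list; a real deployment would load a large
# list of commonly used and breached passwords instead.
COMMON = {"password", "123456", "12345678", "qwerty", "letmein"}
# Assumption: words every user at the organisation is likely to reach for.
ORG_WORDS = {"law", "legal", "firm", "esq"}
MIN_LENGTH = 12    # assumed policy value
MIN_RESIDUAL = 8   # assumed: characters that must remain after stripping


def user_tokens(username, full_name):
    """Strings that can be derived from a staff directory entry."""
    parts = full_name.lower().split()
    tokens = {username.lower(), "".join(p[0] for p in parts), *parts}
    # Longest first so "jdoe" is removed before "jd".
    return sorted((t for t in tokens if len(t) >= 2), key=lambda t: (-len(t), t))


def screen_password(candidate, username, full_name):
    """Return the reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    pw = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if pw in COMMON:
        reasons.append("common")
    # Remove everything derived from the user's own name.
    core = pw
    for tok in user_tokens(username, full_name):
        core = core.replace(tok, "")
    if core != pw:
        reasons.append("user_derived")
    # Remove words shared across the whole organisation.
    stripped = core
    for word in sorted(ORG_WORDS, key=lambda w: (-len(w), w)):
        stripped = stripped.replace(word, "")
    if stripped != core:
        reasons.append("org_word")
    # What is left is the only part that is not predictable.
    if len(stripped) < MIN_RESIDUAL:
        reasons.append("low_residual")
    return reasons


if __name__ == "__main__":
    for pw in ("jdlaw321", "password", "tundra-velvet-orbit-94"):
        print(pw, screen_password(pw, "jdoe", "Jane Doe"))
```

The check runs on the plaintext only at the moment the password is chosen; nothing here requires storing it.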

Change Passwords on a Schedule

It is also much harder for hackers to hit a moving target. Even if your IT department doesn’t require it, you should change your password regularly. Set yourself a reminder every 90 days or so and stick to a schedule. It may seem like a lot of work for a seemingly invisible reward, but the stakes involved make it too important to skip. Choose strong passwords and change them regularly for the same reason you go to the dentist or get the oil changed in your car: the hassle is well worth it to help prevent the potential long-term downside.

Be a Healthy Skeptic

Thanks to popular movies, many people imagine that hacking goes on invisibly, with guys in basements directly accessing top-secret databases, typing in lines and lines of code. In reality, hacking computers is very hard. It is much easier to hack people. Often, a hacker exploit looks more like this: you receive an email from what seems to be a new colleague at your client’s office. Attached in the email is a link to a document. You click on the link, and perhaps you read the document. Later, you find out your client files have been compromised and your firm’s name is in the news. That’s how hackers have operated internationally in recent years and duped employees of several law firms[6] to compromise their own security.

As a legal professional, and as someone who has access to information that a hacker would love to have, it’s up to you to be an extreme skeptic. Discs, drives, emails and even documents from established as well as unknown sources should all have to prove themselves before you do anything with them. Technology changes so fast, it’s almost impossible to tell how a hacker’s exploit might arrive. As a result, it’s up to you to look at what you can find out: what’s the source, have you seen it before and is it vetted in some way? If you aren’t sure, report it to your IT department ASAP. That goes for unexpected phone calls too.

Stay on a “Need to Know” Basis

The IT department that won’t give you access to something may actually be doing you a favor. First of all, the fewer people have access to an asset, the safer that asset is. High-risk assets, and the people with access to them, need to be watched more closely. That can mean more oversight and procedure, which might slow you down.

Law Firms Need to Keep the Trust of their Clients

Law firms need to stay sharp because corporate security is getting harder, not easier. At the same time, companies are starting to recognize[7] that information security is a fundamental business issue—one that demands an increased focus on cyber resilience, not just security. The reason is simple: criminals and state-sponsored attackers are targeting intellectual property, customer information, and avenues for business disruption. That makes law firms an ideal target. With increased threats, clients will be more careful about choosing partners that they can trust. The solution can’t rely only on user behavior. People will continue to choose their pets’ names as passwords, and none of those names will be something really secure like “C”^S=K~=y-”5(ss”.

In response, law firm partners and their IT departments need to leverage technologies and create policies that protect themselves and their clients. Security policy needs to intelligently define who has access to which resources, and clearly outline and enforce the consequences of violating that policy. It also needs to protect from both the inside and the outside, with strong network security, usage monitoring, intrusion detection and sophisticated reporting.

This document is for educational purposes only and does not guarantee the functionality or features of LexisNexis® products identified. LexisNexis does not warrant this document is complete or error-free. If written by a third party, the opinions may not represent the opinions of LexisNexis.

LexisNexis, martindale.com and the Knowledge Burst logo are registered trademarks of Reed Elsevier Properties Inc., used under license. Other products or services may be trademarks or registered trademarks of their respective companies. © 2014 LexisNexis. All rights reserved. BMH00414-0

[1] Lynne Ahearn, “FBI’s look at electronic espionage uncovers law firms lack of data security,” WGA InsureBlog, March 22, 2012, http://blog.wgains.com/2012/03/22/fbis-look-at-electronic-espionage-uncovers-law-firms-lack-of-data-security/.

[2] Jennifer Smith, “Lawyers Get Vigilant on Cybersecurity,” The Wall Street Journal, June 26, 2012, http://online.wsj.com/news/articles/SB10001424052702304458604577486761101726748.

[3] Erica Ho, “The 25 Most Popular (and Worst) Passwords of 2011,” Time, November 22, 2011, http://techland.time.com/2011/11/22/the-25-most-popular-and-worst-passwords-of-2011/#ixzz2n0xWNIyl.

[4] Elinor Mills, “Hackers vow ‘hellfire’ in latest major data leak,” C|Net, August 28, 2012, http://news.cnet.com/8301-1009_3-57501931-83/hackers-vow-hellfire-in-latest-major-data-leak/.

[5] Microsoft, Safety & Security Center, https://www.microsoft.com/security/pc-security/password-checker.aspx.

[6] Mike Mintz, “Cyberattacks on Law Firms – a Growing Threat,” Martindale.com Blog, March 19, 2012, http://blog.martindale.com/cyberattacks-on-law-firms-a-growing-threat.

[7] Deloitte, “Technology, Media & Telecommunications Firms Boost Cyber Resiliency via Strategic Security Initiatives, Alliances and Training,” January 18, 2013, http://www.deloitte.com/view/en_US/us/press/Press-Releases/259bed453824c310VgnVCM2000003356f70aRCRD.htm.

The Solution for Legal Professionals

LexisNexis® Public Records, with its unparalleled search, analytics and reporting technologies, can uncover hidden connections—even when entities don’t have a record in common—and raise red flags to help you improve your due diligence efforts.

To learn how you can locate and get a more complete picture of people and businesses across the U.S., visit www.lexisnexis.com/publicrecords.

For more topics that are transforming the legal industry, visit www.thisisreallaw.com.