Articles

Excerpt: Hacking can indeed be a passion, proving that you can outfox governments and big league corporations. The thrill of the chase can be addictive – and the addiction is fueled by the monies to be made.

Breaches come in many variants, far too many to cover in a single article. But there is a general flow to a breach. Since we make a living investigating breaches and remediating the vulnerabilities that caused them, let us take you on an anatomical tour of a typical breach, highlighting some of the common elements.

To make the reading more fun, we have offered up “quotes” from the players typically involved in a breach. Many are taken from real-life incidents.

Read the entire article here.

Excerpt: Lawyers know from personal experience how consuming technology can be. And they know how easy it is to overshare on social media, click on something they didn’t mean to, or say something foolish after having too many libations. Your clients are no different in their reliance on technology but they are going through one of the most emotional and stressful periods of their lives.

This is where the missteps come in. Clients’ technology, especially their usage of social media and text messaging, tend to become part of the divorce and discovery process. Throw into the mix a soon-to-be ex-spouse, a hotly-contested divorce, custody battles and maybe the involvement of third party lovers and you have the ingredients for an explosion that you will not want to sort out before a judge.

Happily, there is advice that you can give your clients at the onset of the engagement to help them protect themselves. Think of it as a “Do Not Do List.”

Read the entire article here.

Excerpt: It has been years since we talked about passwords in this column. While passwords seem a bit old school, they are still what most people, including lawyers, use to gain access to protected networks and data. As Verizon’s 2018 Data Breach Investigations Report noted, “Eighty-one percent of hacking-related breaches leveraged stolen and/or weak passwords.” Clearly, passwords are not serving law firm security well. Recently, we have seen multi-factor authentication (MFA) adopted more widely, but at a tortoise pace.

Based on the questions we get from audiences at CLES, there is now a fairly burning interest in upping security in law firms – and that’s a very good thing. Let’s start at the beginning with concepts that are sure to be new to some readers.

Fair warning: This is a good time to get a cup of strong coffee.

Read the entire article here.

Excerpt: Lawyers must follow the duty of communication required by Rule 1.4 of the ABA Model Rules of Professional Conduct, which requires lawyers to communicate regularly with clients and to keep clients reasonably apprised of their cases. Following a disaster, a lawyer must evaluate available methods to maintain communication with clients. The opinion instructs that lawyers should keep electronic lists of current clients in a manner that is “easily accessible.” Most lawyers have taken that to mean that the lists should be stored in the cloud so they can access them from an internet connection anywhere.

Lawyers should pay attention to the duty of competency, Rule 1.1, which includes a technology clause that requires lawyers to consider the benefits and risks of relevant technology. Because a disaster can destroy lawyers’ paper files, lawyers “must evaluate in advance storing files electronically” so that they can access those files after a disaster. Storing client files through cloud technology requires lawyers to consider confidentiality obligations. Again, the opinion has been read by lawyers to encourage cloud storage.

With a little due diligence, this should not present much of a problem. We constantly encourage lawyers to keep backups in the cloud. It is prudent to have a local backup, but the cloud provides additional security. As we learned from Katrina, having a backup at the office and one at home a mile away is not sufficiently protecting confidential data.

Read the entire article here.

Excerpt: Several years ago, a Canadian attorney and good friend of ours, invested $10,000 in bitcoin when it was dirt cheap – several hundred per bitcoin. Clearly, he is a lot smarter than us. We can’t even imagine the extent of his profit – the price of bitcoin has been all over the map. It hit an all-time high of $19,343.04 on December 16, 2017. We’re not sure if our friend cashed out, but we suspect he is still holding on to at least part of his “stash” of bitcoins. As of November 15, 2018, one bitcoin is worth $5,465. That’s quite a drop in eleven months.

We become aware of bitcoin wallets a few years ago, as husbands (mostly) began to hide assets from their soon-to-be ex-wives in those wallets. And then came a barrage of ransomware attacks. Law firm after law firm was paying the ransom ($300-$500 in the early days and $1500- $3000 today). The cybercriminals usually want the ransom in bitcoin. To our amazement, there are now bitcoin ATMs available in local gas stations and laundromats complete with posted instructions on creating a bitcoin wallet for the Bitcoin novice.

In July of last year, there were reports of a Citrix UK study which found that a third of UK companies were stockpiling digital currency, mostly in bitcoins, to pay the ransom (an average of approximately $176,000) if they became victims of a ransomware attack. 1

Why talk about Bitcoin when the title of this article references blockchain? Because Bitcoin rides on blockchain technology – that is the technology that powers Bitcoin – along with all the other cryptocurrencies.

Read the entire article here.

Excerpt: Bitcoins are digital currency – and yes, lawyers are beginning to accept them from clients. They are also known as virtual currency or cryptocurrency since cryptography is used to control the creation and transfer of bitcoins. They use peer-to-peer technology with no central authority or banks. The issuance of bitcoins and the managing of transactions are carried out collectively by the network.

Cryptocurrencies are created by a process called mining – by becoming a miner of cryptocurrencies, you make money (not much unless you are a major league miner). We won’t go into all of the technology that is used to create and verify the transactions since it will probably make your head hurt. Mining is accomplished by executing complicated mathematic operations that take a lot of processing power. Hence the new phenomenon of cryptojacking in which miners hijack the computing resources of unknowing victims so they can mine cryptocurrencies. And yes, your network could be victimized and there is little chance you would know unless so much power is used that your network slows down!

Today there are a lot of different cryptocurrencies. Bitcoin is still one of the most well-known and popular. However, other cryptocurrencies such as Ethereum, Bitcoin Cash, Monero, Litecoin, Ripple, Dash, and others are gaining in popularity. They promise to scale better than Bitcoin and to provide stronger anonymous protections. As of April 26, 2018, the amazing number of different cryptocurrencies is 1,759 according to investing.com’s current list located at https://www.investing.com/crypto/currencies. With all the various “flavors” of digital currencies, we’re sure you’ll find one to your liking.

Read the entire article here.

Excerpt: It was more than a year ago that the 3,600-lawyer global megafirm DLA Piper was brought to its knees by a data breach in June of 2017. One of the questions we hear most often when we lecture is, “If DLA Piper can be breached, how do the rest of us stand a chance of preventing a data breach?”

It’s a valid question. The reaction last year varied with the size of the law firm. Larger law firms focused a lot on purchasing or increasing their cyberinsurance coverage after the DLA Piper story made the headlines. They also amped up their security measures, and pried open their wallets to create stronger defense-in-depth strategies.

The smaller firms also began spending more money on cybersecurity, many of them now awakened to the dangers of a breach. From our foxhole, small to mid-size firms particularly began to focus on employee cybersecurity awareness training, newly aware that their greatest asset (their employees) is also their greatest risk. Since 2017, cybersecurity awareness training has been the CLE that we have most often been asked to present.

Read the entire article here.

Excerpt: Pete Banham, cyber resilience expert at Mimecast, commented: “Microsoft Office 365 was hit with major downtime on Friday, with customers around the world unable to access their services or admin portals. An operational dependency on the Microsoft environment creates business risks that need be addressed.” He went on to say that entities need to consider a cyber resilience strategy to allow them to recover from such an outage.

To Microsoft’s credit, it announced later the same day that it had fixed the authentication problem. Certainly, it didn’t solve the PR problem emanating from all the users who couldn’t login.

That certainly made us wonder how long an American law firm would be able to tolerate an Office 365 outage. This is an unsettling thought to many law firms which never thought about Office 365 being unavailable to them.

Read the entire article here.

Excerpt: Sadly, your greatest asset – your employees – are also the greatest threat to your cybersecurity. We know this because we regularly see data breaches and ransomware infections caused by click-happy employees. You also have rogue employees determined to use their own devices, go where they want on the Internet, irrespective of firm policies. When we train them, they tell us that they are scared – and you know what? That means we did our job. One of the great fallacies that employees believe is sometimes called “The IT Shepherd” – they simply have faith that the flock (employees) is protected no matter what they do by the shepherd (technology). You need to make them understand that no technological defenses are ironclad.

Read the entire article here.

Excerpt: Backup is an essential operation for every law firm – and yet, often poorly understood. Having an adequate backup is implicit in the ABA Model Rules for Professional Conduct and their state counterparts, as any legal ethicist will tell you. One of the lawyer’s duties is to competently represent clients. How can you do that if your case files and communications are lost? You could have a hardware failure of your server or a disk crash. What if your cloud provider shut its doors, rendering client data inaccessible? Perhaps your laptop is stolen from your vehicle with client data for a pending matter. There are all kinds of situations where you could lose data or not be able to access it. That is where your backup comes into play. Should you have a catastrophe, you would restore data from your backup and be back in business.

A local backup is also a necessity if you use cloud services and your Internet connection goes down. You could certainly take your laptop to a public open Wi-Fi and get to your data that way, but having a local backup of your data is a good idea too. It gives you a safety net should something catastrophic happen to your cloud provider.

Read the entire article here.