Recently, Law Technology Today featured the Digital Detectives podcast, “The Evolving Landscape of Law Firm Data Breach Preparation and Response.” Digital Detectives is hosted by Sensei’s Sharon Nelson and John Simek and is for listeners interested in digital forensics, e-discovery, and information security issues. In this episode, Sharon and John talk to David Ries about the need for law firms to develop a quick and logical way to respond to a data breach. They explain the steps in creating an incident response plan and how to rehearse its execution. In the event of a breach, firms can use their plan to quickly eradicate threats and take corrective action. Hackers’ tactics are constantly evolving, but there are many resources to help lawyers keep pace with the threat.
Law Technology Today (LTT) was launched in 2012 to provide the legal community with practical guidance for the present and sensible strategies for the future.
The Metropolitan Washington Employment Lawyers Association (MWELA) will be holding its day-long Annual Conference on Friday, February 1, 2019 at the Mayflower Renaissance Hotel in Washington, DC. Sensei is excited to be a bronze sponsor of this event!
About MWELA: Comprised of over 300 lawyers who regularly advise and represent employees in employment and civil rights disputes. MWELA is the local chapter of the National Employment Lawyers Association, a national organization of more than 3,000 lawyers dedicated to the advancement of employee rights. MWELA supports the orderly and fair development of the law to the benefit of employees. In keeping with its mission, MWELA regularly holds educational programs, discussions, and networking events for its members and in cooperation with other voluntary bar associations. MWELA regularly files amicus briefs on issues of importance in area courts, conducts moot court sessions for its members, and shares information of value to members, enabling them to keep abreast of pertinent developments in the law. Its annual daylong conference is devoted to the latest issues in the practice of employment law.
Sensei’s Sharon Nelson and John Simek were recently featured in Attorney at Work’s “Detect and Respond: Steering Your Firm Through Cyberthreats” by Heidi Alexander. The article is all about highlights from the College of Law Practice Management Futures Conference 2018. (Sharon Nelson was co-chair of this conference)
Excerpt: Guest speaker FBI Special Agent Timothy Russell echoed other speakers in saying the best you can hope for in the current landscape is to “detect and mitigate.” Russell encouraged attendees to work with the FBI to help law firms into a better defensive posture and suggested that it would not necessarily result in an investigation. To provide awareness, Russell encouraged using the government’s website, IC3, to report scams. Later in the day, John Simek, Vice President of Sensei Enterprises, suggested joining the FBI’s public-private partnership program, InfraGard, to receive information regarding known cyberthreats.
If you need advice on how to conduct employee awareness training, the American Bar Association has an on-point CLE, here. This topic was also addressed by Sharon Nelson, President of Sensei Enterprises, and Jody Westby, CEO of Global Cyber Risk, at ABA TECHSHOW 2018.
“Cyberinsurance: Necessary, Expensive, and Confusing as Hell” by Sensei’s Sharon Nelson and John Simek was featured in the October 2018 issue of the Wisconsin Lawyer. The Wisconsin Lawyer is a publication of the State Bar of Wisconsin.
Setting the stage
The title of this article was also the tile of a session presented at ABA TECHSHOW this year. And each part of the title is true. It is absolutely necessary to have cyberinsurance in order to manage your risk. No amount of technology, policies or training can guarantee that you will not be breached. Expensive? Oh yes. Get ready for sticker shock when you purchase cyberinsurance. Because we teach CLEs on cyberinsurance, we can tell you with some assurance that lawyers are very confused about what specific insurance they need. Insurance companies are not very helpful– the various policies offered across the industry are not at all standardized – and of course they are written in complicated language which often obfuscates their meaning.
Where are we today?
Not in a great place. According to a 2017 survey by the data analytics firm FICO, half of U.S. business have no cyberinsurance, 27% have no plans to buy coverage and only 16% report having a policy that covers all cyber risks. There is a certain justified cynicism about cyberinsurance. The news is rife with companies who had cyberinsurance, but found – after being breached – that a substantial portion of their damages were not covered.
Excerpt: On August 23, 2018, the Virginia Law Foundation (VLF), a philanthropic organization established in 1974 and an independent 501(c)(3) organization, held its 2018 Grant Recipient Luncheon in Richmond.
Sensei’s Sharon Nelson and John Simek’s article, “The 2017 DLA Piper Breach Revisited” was featured recently in Slaw Magazine. Slaw is a Canadian online legal magazine.
Excerpt: It was more than a year ago that the 3,600-lawyer global megafirm DLA Piper was brought to its knees by a data breach in June of 2017. One of the questions we hear most often when we lecture is, “If DLA Piper can be breached, how do the rest of us stand a chance of preventing a data breach?”
It’s a valid question. The reaction last year varied with the size of the law firm. Larger law firms focused a lot on purchasing or increasing their cyberinsurance coverage after the DLA Piper story made the headlines. They also amped up their security measures, and pried open their wallets to create stronger defense-in-depth strategies.
The smaller firms also began spending more money on cybersecurity, many of them now awakened to the dangers of a breach. From our foxhole, small to mid-size firms particularly began to focus on employee cybersecurity awareness training, newly aware that their greatest asset (their employees) is also their greatest risk. Since 2017, cybersecurity awareness training has been the CLE that we have most often been asked to present.
Excerpt: Back in 2015, we wrote an article entitled “How Will Watson’s Children Impact the Future of Law Practice?” What a lot has happened in two years! The children of Watson and other Artificial Intelligence (AI) technologies continue to spawn at an ever-accelerating rate.
Only recently has genuine real-world usage of AI in law firms begun to flourish. Amid the initial hype, about 5% of what was ballyhooed as AI, in our judgment, was not. Even today, there is an astonishing amount of hype – everyone wants to say they’ve boarded the AI train. As we write, an article from InfoWorld was just published entitled, “Artificially Inflated: It’s Time to call BS on AI.” While great ‘clickbait’, we think the title overstates the case. The peaks and troughs of AI are well documented, and as we are now at a peak, the hype factor gets greater, while the reality (often very good) is lost in the noise of the hype.
As large firms, which certainly need to be at the forefront of innovation, begin to invest considerable sums in AI, the landscape is changing. Large law firms simply cannot afford – for monetary and brand reasons – to be left behind. Clients will begin to see the efficiencies of AI and its extraordinary possibilities wherever AI may be found. AI will be a honeypot to clients seeking those efficiencies and possibilities.
A brief note: An article of this length cannot adequately address all the players in the legal AI market and what they can do. We call out a few names simply because we’ve run into these companies through colleagues or our reading.
Recently, Sensei’s John Simek was featured in “Alternatives to Email Give Law Clients Secure Communication Options” by Sean La Roque-Doherty of the ABA Journal. The ABA Journal is read by half of the nation’s 1 million lawyers every month. It covers the trends, people and finances of the legal profession from Wall Street to Main Street to Pennsylvania Avenue.
Excerpt: Security professionals have long known about the issues with PGP, says John Simek, vice president of Sensei Enterprises, a digital forensics and information security company. “The real problem is with the way that PGP and S/MIME interact with email programs and the difficulty to properly configure and utilize PGP,” Simek says.
Your goal, says John Simek of Sensei Enterprises, who is Nelson’s partner, is to create a “culture of cybersecurity.” And he has a simple solution: Train your employees.