Because lawyers are constantly handling confidential or sensitive information, cybersecurity and the careful handling of this information are an important part of running a successful firm. In this episode of Digital Detectives, hosts Sharon Nelson and John Simek talk to Jim McCauley about some of the ethical issues lawyers face and how the Virginia Bar is helping to educate lawyers on how to handle these issues. Some of these issues include information security and common scams used to hack into confidential data.
- 63 percent used work mobile devices for personal activities
- 94 percent used mobile business devices to connect to public Wi-Fi networks
- 78.5 percent used public Wi-Fi to check work email, and
- 60 percent used public Wi-Fi to gain access to work documents
Last month, Sensei’s John Simek was cited in the article “Things You’ll Wish You Had Done When Your Star Employee Defects” by John B. Farmer of Brand Bodyguards. Brand Bodyguards are experienced trademark lawyers who specialize in monitoring for trademark infringements and policing them.
Excerpt: Sometimes departing employees try to take important company data with them to use in the new job. They might send it out through a personal email account, or upload it to a cloud service, such as Dropbox.
You want to record electronic evidence of any such illicit activity in case you need it in a legal fight.
According to John Simek, who is a principal with the technology services firm Sensei Enterprises, your company’s computer network should be configured to log extensive server and firewall activity.
Simek also said that, for about $30 per computer, you can log all activity between that computer and any devices connected to it by a USB port.
Let’s look at a few statistics. A 2015 Computing Technology Industry Association online survey of 1,200 full-time employees found that 45 percent of the respondents had never had any cybersecurity training from employers, 63 percent used work mobile devices for personal activities, and 94 percent used mobile business devices to connect to public Wi-Fi networks. That same year, an Association of Corporate Counsel survey of over 1,000 general counsels found that only one-in-three tracked attendance at mandatory cybersecurity training, only 19 percent gave a test, and only 17 percent had “simulated security events.” That needs to change.
It’s no secret that access to justice is a significant issue within the legal industry, but when did lawyers first recognize the problem and how are they working to solve it? In this episode of The Digital Edge, hosts Sharon Nelson and Jim Calloway discuss low bono legal services with Shantelle Argyle, executive director of Open Legal Services. Their discussion includes the unintended consequences of the access to justice movement, the biggest barriers to innovation in legal services, and the role of Open Legal Services as a legal aid organization. They also discuss what’s different about today’s legal services consumers and how they affect access to justice.
On May 26th, Sensei President Sharon Nelson was elected to serve a two-year term as a member of the ABA Law Practice Management Division’s governing Council. She also serves as the Chair of the Division’s Professional Development Board.
Sharon Nelson and John Simek’s article, “Ransomware: No Honor Among Thieves and More Expensive” was featured recently in Slaw Magazine. Slaw is a Canadian online legal magazine.
Excerpt: The FBI says that ransomware nets cybercriminals $1 billion a year. No wonder so many people want a piece of that pie.
Computerworld recently reported that hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to provide the decryption key for encrypted data rose to $1,077, up from $294 the year before, according to a report from security firm Symantec. Symantec also reported a 36% increase in ransomware in 2016 from the prior year. We are aware of small law firms in Virginia that paid $1200 and $3000 to get their data back – the damage being furthered by the length of time it took to restore the data.
Helping to fuel the ransomware boom is the digital black market, where hackers can sell ransomware kits for as little as $10 and as much as $1,800, making it easier for other cybercriminals who can’t code to get a piece of the action.
In the Ride the Lightning blog (Yes, You Can Get Bitcoins from an ATM), Sharon Nelson notes that she discovered a Bitcoin ATM in her local Shell station, which came with a sheet of instructions (replicated on her company site here). The sheet of instructions includes a list of other places where you can find Bitcoin ATMs in the D.C. Metro area including other gas stations, two laundromats and a falafel shop. Sharon took a photo of the ATM, which is displayed in her blog via the link above.
Sharon Nelson was quoted in “Cybersecurity – Law firms setting up cyber specialties as attacks grows” by Pepper Van Tassell and Gina Gallucci-White featured in Virginia Lawyers Weekly.
- “Law firms are always scanning the horizon, and cybersecurity is not only a Goliath, but it is a Goliath that is never going away.”
- “We are here to stay in the digital world, and data is black gold. Data is the new oil, and having seen that, law firms are very responsive.”
- “With the larger firms in particular, they want people to have one-stop shopping, and if they don’t have people in these fields, they are not offering one-stop shopping. If their clients get breached, it is a very expensive proposition. One part of that is legal fees, so of course they would like those legal fees to adhere to them.”
Excerpt: “When it comes to tracked data breaches, the United States hit an all-time high last year with 1,093 reported breaches. That is a nearly 40 percent increase from 780 documented cases the previous year, according to a study released in January by Identity Theft Resource Center in San Diego and CyberScout in Scottsdale, Arizona.”
Read the entire article here http://valawyersweekly.com/digital-edition/
Recently, the Association of Legal Administrators (ALA) of Northern Virginia featured a Ride the Lightning post on the News section of their website. The post, “Highlights: Verizon 2017 Data Breach Investigations Report” is just what it sounds like. Ride the Lightning is an electronic evidence and cybersecurity blog by Sensei’s Sharon Nelson.
Excerpt: It’s always a challenge to boil down the stats and takeaways from Verizon’s annual Data Breach Investigations Report (DBIR). The report is based on data from more than 42,000 security incidents and nearly 2,000 breaches across 84 countries. Here are some of the major highlights.
- Cybercriminals are targeting smaller companies. 61% of the data breach victims in this year’s report have fewer than 1,000 employees.
- 1 in 14 users fall for phishing e-mails. 25% of them fall more than once.
- 51% of the data breaches involved malware. Ransomware is now the 5th most common form of malware involved in data breaches and the first in what the report calls the Crimeware pattern.