Just because you get Office 365 installed and working properly doesn’t mean that it’s automatically secure. In this episode of Digital Detectives, hosts Sharon Nelson and John Simek talk to Brandon Koeller about the Office 365 Secure Score and other best practices to keep you secure in the cloud. While the Secure Score can help, they also discuss where the score falls short and how lawyers can tend to high level risks in order to address key threats within the cloud.
Mueller’s observation is true for attorneys and law firms as well as small businesses through Fortune 500 companies. There have now been numerous reports of law firm data breaches. The FBI has reported that it is seeing hundreds of law firms being increasingly targeted by hackers. Law firm breaches have ranged from simple (like those resulting from a lost or stolen laptop or mobile device) to highly sophisticated (like the deep penetration of a law firm network, with access to everything, for a year or more).
Lawyers and law firms are beginning to recognize this new reality, but all too often they expose themselves to unnecessary risk simply because they don’t have a response plan for security incidents and data breaches. Attorneys have ethical and common law duties to employ competent and reasonable measures to safeguard information relating to clients. Many attorneys also have contractual and regulatory requirements for security. Attorneys also have ethical and common law duties to notify clients if client data has been breached.
Compliance with these duties includes implementing and maintaining comprehensive information security programs, including incident response plans, for law practices of all sizes, from solos to the largest firms. The security programs and response plans should be appropriately scaled to the size of the firm and the sensitivity of the information.
Excerpt: With so many recent disasters and perhaps more ahead, the ABA Law Practice Division advises you to do some planning NOW.
Have a Disaster Recovery Plan which you review annually. Define who is responsible for what. It should be electronic and in the cloud, as well as in paper. Several trusted members of the firm should also keep a paper copy at home.
Communications are always the #1 problem. An emergency contact list should be in paper and in the cloud where it can be accessed via a computer or a phone.
Virginia Lawyers Weekly (VLW) recently released their “Reader Rankings” edition where VLW readers get to place their votes for companies who embody the best of each category. We are thrilled to have been voted #1 E-Discovery Provider in Virginia by VLW readers – thank you so much! Virginia Lawyers Weekly has been the commonwealth’s top source of legal information for practicing attorneys since 1986, providing a traditional weekly newspaper with innovative Internet benefits, e-mail services and Web-based reporting.
On August 27, Doug Austin of CloudNine featured the Ride the Lightning (RTL) blog post “New Phishing Attacks Impacts 10% of Office 365 Users” in his own post. His blog post, “New Phishing Scam Goes After Office 365 Users: Cybersecurity Trends,” is featured in CloudNine’s eDiscovery Daily Blog. CloudNine is a legal intelligence technology company with deep expertise in the analysis, processing, and review of electronically stored information (ESI). Ride the Lightning is an electronic evidence and cybersecurity blog by Sensei’s Sharon Nelson.
Excerpt: According to a recent blog post, there’s a new phishing campaign where the scammers are taking advantage of a small, but serious oversight in Microsoft’s Office 365 suite of online services to serve phishing emails that are visually indistinguishable from work-related emails and appear completely safe. This new attack has impacted an estimated 10% of Office 365 users worldwide.
As reported in Bitdefender (The Underrated Importance of Training Your Staff to Spot Devious Phishing Attacks, written by Filip Truta, and covered by Sharon Nelson’s excellent Ride the Lightning blog), PhishPoint, as the campaign is dubbed, has a variant that most other phishing scams don’t: it goes beyond email and uses SharePoint to harvest end-users’ credentials.
No lawyer should assume their firm’s technology is secure. In this episode of The Digital Edge, hosts Sharon Nelson and Jim Calloway talk to Lucian Pera about the ethics of lawyers using the cloud and how they can use it with confidence. They break down the different cloud providers, the dangers that can potentially crop up when using the cloud, and the importance of having a technology mentor that lawyers can turn to with questions whenever they need it.
- Cybersecurity standards for small businesses
- How to prevent data breaches using a combination of technology, policies and training
- Secure computing when you’re on the road
- Two factor authentication
- Intrusion detection systems
- The new rules for strong passwords and password management
- What you must do after a data breach and the components of an Incident Response Plan
- Defending against – and recovering from – ransomware
You might think that all you need to avoid cyber schemes is common sense, but even the biggest law firms require employee training to avoid attacks. In 2017, DLA Piper, the largest law firm in the world, suffered a catastrophic cyber attack. In this episode of Digital Detectives, hosts Sharon Nelson and John Simek talk about how important cyber security awareness training is and potential training methods firms can use to instruct employees and partners. They share basic training tips and expand on the different kinds of common schemes, like phishing, ransomware, and social media attacks.