Because lawyers are constantly handling confidential or sensitive information, cybersecurity and the careful handling of this information are an important part of running a successful firm. In this episode of Digital Detectives, hosts Sharon Nelson and John Simek talk to Jim McCauley about some of the ethical issues lawyers face and how the Virginia Bar is helping to educate lawyers on how to handle these issues. Some of these issues include information security and common scams used to hack into confidential data.
- 63 percent used work mobile devices for personal activities
- 94 percent used mobile business devices to connect to public Wi-Fi networks
- 78.5 percent used public Wi-Fi to check work email, and
- 60 percent used public Wi-Fi to gain access to work documents
Last month, Sensei’s John Simek was cited in the article “Things You’ll Wish You Had Done When Your Star Employee Defects” by John B. Farmer of Brand Bodyguards. Brand Bodyguards are experienced trademark lawyers who specialize in monitoring for trademark infringements and policing them.
Excerpt: Sometimes departing employees try to take important company data with them to use in the new job. They might send it out through a personal email account, or upload it to a cloud service, such as Dropbox.
You want to record electronic evidence of any such illicit activity in case you need it in a legal fight.
According to John Simek, who is a principal with the technology services firm Sensei Enterprises, your company’s computer network should be configured to log extensive server and firewall activity.
Simek also said that, for about $30 per computer, you can log all activity between that computer and any devices connected to it by a USB port.
Let’s look at a few statistics. A 2015 Computing Technology Industry Association online survey of 1,200 full-time employees found that 45 percent of the respondents had never had any cybersecurity training from employers, 63 percent used work mobile devices for personal activities, and 94 percent used mobile business devices to connect to public Wi-Fi networks. That same year, an Association of Corporate Counsel survey of over 1,000 general counsels found that only one-in-three tracked attendance at mandatory cybersecurity training, only 19 percent gave a test, and only 17 percent had “simulated security events.” That needs to change.