[email protected] | 407.409.8828
LAW FIRMS ARE A TARGET FOR HACKERS
LAW FIRMS TARGETED BY HACKERS
Akin Gump Strauss Hauer & Feld
Allen & Overy
Baker & Hostetler
Baker Botts
Cadwalader Wickersham & Taft
Cleary Gottlieb Steen & Hamilton
Covington & Burling
Cravath Swaine & Moore
Davis Polk & Wardwell
Debevoise & Plimpton
Dechert
DLA Piper
Ellenoff Grossman & Schole
Freshfields Bruckhaus Deringer
Fried Frank Harris Shriver & Jacobson
Gibson Dunn & Crutcher
Goodwin Procter
Hogan Lovells
Hughes Hubbard & Reed
Jenner & Block
Jones Day
Kaye Scholer
Kirkland & Ellis
Kramer Levin Naftalis & Frankel
Latham & Watkins
McDermott Will & Emery
Milbank Tweed Hadley & McCloy
Morgan Lewis & Bockius
Morrison & Foerster
Nixon Peabody
Paul Hastings
Paul Weiss Rifkind Wharton & Garrison
Pillsbury Winthrop Shaw Pittman
Proskauer Rose
Ropes & Gray
Schulte Roth & Zabel
Seward & Kissel
Shearman & Sterling
Sidley Austin
Simpson Thacher & Bartlett
Skadden Arps Slate Meagher & Flom
Sullivan & Cromwell
Vinson & Elkins
Wachtell Lipton Rosen & Katz
Weil Gotshal & Manges
White & Case
Willkie Farr & Gallagher
List by Flashpoint (via Crain’s Chicago Business)
Reported Law Firm Security Breaches
ABA LTRC TECH SURVEY
Where are the threats?
• Lost or stolen devices
• Poor passwords
• Disposal of data
• Social Engineering
• Photocopiers
• Shredding machines
• Flash drives
• Hackers
• 3rd party providers / vendors
– Cloud storage (Google Drive, DropBox, eDiscovery Systems, etc)
– Practice Management Cloud-based services
– E-discovery / litigation
– Court Reporters - Audio/Video Tapes, Transcripts
Risk Management Misconceptions
• IT (or SOMEONE) is on top of it
• We are too small
• Data stored off-site
• Data stored with a third-party
• Mobile devices are secure because they are password protected
#1 Threat: Email
• Email spoofing/fraud attempt targeting a specific organization or person
• Access confidential data or hold documents for ransom, infect computers
• Education
– Understand social media factor
– Ongoing awareness campaign
• Email hygiene / Filtering
#2 Threat: Humans
Your Passwords are Weak
• Use 2-factor authentication everywhere
• Have a STRONG password of at least 12 characters or a pass phrase
• Don’t use the same password everywhere
• Change your passwords regularly
• Change the defaults
• Require screen saver passwords
THE 25 MOST POPULAR PASSWORDS OF 2015 STILL SUCK
1. 123456 (Unchanged)
2. password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 1)
5. 12345 (Down 2)
6. 123456789 (Unchanged)
7. football (Up 3)
8. 1234 (Down 1)
9. 1234567 (Up 2)
10. baseball (Down 2)
11. welcome (New)
12. 1234567890 (New)
13. abc123 (Up 1)
14. 111111 (Up 1)
15. 1qaz2wsx (New)
16. dragon (Down 7)
17. master (Up 2)
18. monkey (Down 6)
19. letmein (Down 6)
20. login (New)
21. princess (New)
22. qwertyuiop (New)
23. solo (New)
24. passw0rd (New)
25. starwars (New)
Encryption
• Whole disk encryption
• Biometric access
• Backup media should be encrypted
• Make sure the data is encrypted in transit and while being stored
• Be sure that employees of the backup or cloud vendor do not have access to decryption keys
• Thumb drives should be encrypted
Secure Browsing
Be sure you have…
• Antivirus against online threats
• A security product against spyware
• A pop-up blocker
• A back-up product or system to make sure you are covered in case of disaster
• A utility program to clean unwanted files (temporary Internet files or cookies) and orphan Windows registry files
https://heimdalsecurity.com/blog/ultimate-guide-secure-online-browsing
Aircards / Broadband Cards
• Preferred wireless connection because the data is secured from the very beginning!
• Uses cellular connection
• You don’t have to worry about whether you have an https:// session or not
• $40 – 60 / month
• Add-on to cellular service
Wireless
• Wireless networks should be set up with the proper security
– WEP is weak
– the only wireless encryption standards that have not been cracked (yet) are WPA with the AES or WPA2
• Use wireless hot spots with great care
– Do not enter any credit card information or login credentials without seeing https
Consider Client Portals
• Clients now expect
– Access to their documents 24x7
– Access to WIP before the bill arrives
– Notification of all key milestones
– Live feeds of all significant case activity
– Threaded discussions
• Secure client communications
• All matter files and communications in one place
Smartphones and Tablets
• Label devices
• Have strong passcode policies
• Set idle timeouts
• Update, update, update
• Do not "jailbreak" or "root" your devices
• Apps from trusted sources
• MDM if possible
• Find My iPhone or an equivalent
• If supported, encrypt storage / hardware
Laptops
• Strong password, biometrics if possible
• Encrypt hard drive
• Robust firewall
• Bluetooth
• Get privacy screens
• User access controls
• Remove bloatware
Miscellaneous Tips
• Employee termination
• Dispose of anything that holds data, including a digital copier, securely
• Scrub metadata, redact docs