Cybersecurity for Attorneys
The Problem Facing All Attorneys Today
Data breaches are an everyday event, and legal professionals have a specific obligation to protect themselves and their clients from exposure to these threats.
The first thing lawyers must know is that it is not usually obvious when a firm has been hacked. “The vast majority of the time, (hackers) are using your stolen credentials, as opposed to breaking through technical walls. Then they act like you in the firm’s network, accessing all the files you have access to.
Another common threat comes through malware in an email, also known as a phishing attack, where an individual is asked to click on a link or open an attachment that has been weaponized in such a way that the attacker gains access to your computer. Nation-state attackers target private businesses in 21 percent of breaches to steal data to advance their espionage activities or interests. And firm employees often don’t realize they’ve been hacked for weeks or months, and they usually find out after being contacted by the FBI.
Hackers may insert themselves into an email conversation related to a wire transfer, then redirect the funds to accounts they control. This is a growing type of attack. This is real, and happening every day. Traditional security measures – build big walls to keep out the bad guys – don’t work anymore. Now, firms must leverage good industry standard frameworks, regulatory requirements and tactical responses to guard against common threats.
This is not an IT issue. This is a risk management issue about how you protect your data. breach as cyber episode in which “material client confidential information is misappropriated, destroyed or otherwise compromised, or where a lawyer’s ability to perform the legal services for which the lawyer is hired is significantly impaired by the episode.
The New York State Bar Association Committee on Professional Ethics has similarly concluded that a lawyer must notify affected clients of information lost through an online cloud data storage provider. N.Y. State Bar Ass’n Eth. Op. 842 (2010). According to the NYSBA, “If the lawyer learns of any breach of confidentiality by the online storage provider, then the lawyer must investigate whether there has been any breach of his or her own clients’ confidential information, notify any affected clients, and discontinue use of the service unless the lawyer receives assurances that any security issues have been sufficiently remediated.”
The bottom line is that all firms – big and small – need to be careful with data to protect themselves and clients. Practice good cyber hygiene and make sure your providers and vendors follow suit. You can never outsource accountability. This includes ongoing employee awareness training and testing, patching, conducting regular vulnerability risk assessments, implementing and monitoring a disaster recovery plan.
Cyberlitica is in the business of cyber risk management. We prevent companies’ digital information and intellectual property being held hostage by cyber criminals.
The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals, Second Edition
The Solution-Cybersecurity Kit for Attorneys
24x7x365 Dark Web Monitoring & Notification
Instant notifications via email or text message within seconds of a data breach. Includes monitoring your work and personal email.
Dark Web Risk & Audit Report
Are your employees already on the Dark Web? We will tell you with our detailed Audit Report with a complete history going back seven years to see what breaches they were involved in so you can take appropriate action now.
Dark Web Password Search Engine
Are your passwords for sale on the Dark Web? We can tell you with our powerful password search engine.
Are you being spoofed by copycat domains? We can tell you instantly with our domain intelligence services.
Too many passwords? Don’t remember your password? Our organizer will make your digital life easier.
Strong Password Analyzer
How do you stay safe on the Internet? The answer is with a very strong password. Our Strong Password Analyzer will help you get it right and keep you safe.
Phish Your Employees
91% of cyber-attacks start with someone clicking on a phishing email. Find out who in your organization is putting you at risk.
Branded Cybersecurity Video Training Portal
Comprehensive video library that includes everything you need to know about how to keep your employees stay safe in cyberspace.
How to Write an Information Security Policy
With our "how-to guide", we can guide you in writing an Information Security Policy to ensure that all users of your networks are within the organization's security policies.
"Cybersecurity is Everybody’s Business cuts through the scare tactics and hype to deliver the most imperative guidance for securing small businesses and everyone else" - Frank Abagnale, Security Consultant and inspiration for the film Catch Me If You Can
Cybersecurity News Flash Service
Find out immediately about the latest breaches that could affect you and your company.
Detailed reports delivered to you when you need them.
Complete Cyber Surival Kit Only $195.00 Per Month
Up to 100 Employees