Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
FINAL
New Cyber Threats Pose a Challenge to Law Firms
By: Matthew Magner, J.D., CPCU, RPLU
Cyber threats seem to be the nu...
Another threat to law firms are office copiers, fax machines and printers, which often
contain hard drives not unlike thos...
Upcoming SlideShare
Loading in …5
×

FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL

  • Login to see the comments

  • Be the first to like this

FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL

  1. 1. FINAL New Cyber Threats Pose a Challenge to Law Firms By: Matthew Magner, J.D., CPCU, RPLU Cyber threats seem to be the number one concern for law firms these days, and with good reason. While all law firms are at risk of a data breach, former ABA President, Laurel Bellows, declared that small law firms, in particular, have become cyber criminals’ latest victims. In 2011, Mandiant, an information security company, estimated that 80 U.S. law firms were hacked; looking at more recent studies, it’s not difficult to imagine that the number of law firm data breaches has since increased significantly. In 2014, data breaches worldwide totaled 1,540 up 46% from 2013—representing almost 1 billion data records that were either lost or stolen according to a report by digital security firm Gemalto. As companies find ways to prevent data breaches, the criminals continue to come up with new techniques to steal valuable data. Following are several evolving trends that pose significant security threats to law firms that can be difficult to prevent. However, by educating law firm staff about these trends as well as best practices to protect valuable data, law firms can make it more difficult, if not impossible for criminals to steal data. The WiFi Pineapple is not as sweet as it sounds. With a simple Google search, anyone can purchase this inexpensive device that looks like, and mimics, a wireless router. The Pineapple can pretend to be a legitimate Wi-Fi source, enabling a cybercriminal to intercept transmissions, record keystrokes or redirect victims to malicious websites. For instance, law firm staff accessing free Wi-Fi while staying at a hotel during a business trip or catching up on e-mails at a favorite coffee shop, could find that their laptop or smart phone is being intercepted by a Pineapple device that is capturing user names and passwords. Side channel emissions are tiny signals emitted by an electronic device, such as a laptop or smart phone even when it’s not connected to the Internet, that can offer hackers a big win. Hackers, located several feet away from the device or even in another room, can listen to these signals and hijack what is being typed. For instance, an attorney preparing a sensitive trial strategy report on an airplane may not realize that the laptop will emit acoustic signals that can be picked up by an antenna, microphone or radio placed nearby, possibly hidden in a briefcase, and provide the hacker with valuable attorney-client information--without the attorney ever accessing the internet.
  2. 2. Another threat to law firms are office copiers, fax machines and printers, which often contain hard drives not unlike those in desktop computers. These hard drives are capable of storing massive amounts of information; this may include tax returns, medical records, financial information and more. In some cases, vendors or employees may access these hard drives without authorization, or criminals may “rescue” discarded copiers/fax machines/printers and their hard drives that still contain valuable data. Law firms can help mitigate their exposure to these new threats as well as other data breach risks by following best practices. • Look Alert. Employees should be aware of their surroundings when they access the Internet outside of the office, especially if someone has placed an unusual object nearby; it could be a device that is capturing keystrokes. Tell employees to try to avoid logging on to password protected sites while using public Wi-Fi. • Wipe It Clean. Confirm that encryption technology is used for hard drives in printers, fax machines and copiers, and that the data is wiped or destroyed prior to disposal of the device. Never use a public copier for sensitive information. • Take Precautions. Turn off the Wi-Fi on electronic devices when you don’t need an Internet connection, and only use a network that is WPA-encrypted and requires a password. Consider purchasing VPN (virtual private network) software or an App for your mobile device that will encrypt your connection. Law firms should also consider consulting with a legal professional regarding their practices and purchasing a cybersecurity (network security and privacy) policy. Most lawyer’s professional liability policies require that the definition of “professional services” be triggered for liability claims and do not extend coverage to the myriad of first-party exposures such as forensic and compliance assessment expenses, notification costs, business interruption expenses, fines and penalties, and extortion demands. But, perhaps the most important line of defense is education. Educating law firm staff about these trends and best practices can help keep hackers out of your firm’s network. Matt Magner is a senior underwriting officer for the Chubb Group of Insurance Companies can be contacted at mmagner@chubb.com.

×