This document outlines the cybersecurity risks faced by law firms and the steps they should take to protect themselves and their clients. It discusses how law firms are vulnerable targets due to weaknesses in their security protocols. A security assessment is recommended to identify vulnerabilities, followed by continuous monitoring to maintain protection. Establishing attorney-client privilege for communications and properly structuring the role of outside agents are also covered. The presentation aims to educate law firms on cybersecurity best practices.
How your nonprofit can avoid data breaches and ensure privacy | TechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2 | TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
SEC OCIE - Cybersecurity Focus Areas, Guidance, and Best Practices | Kroll
The SEC Office of Compliance Inspections and Examinations (OCIE) issues risk alerts on cybersecurity to keep registered broker-dealers, investment advisers, and investment companies up to date regarding SEC focus areas for cyber.
OCIE examinations have focused on firms’ written policies and procedures regarding cybersecurity, including validating and testing that such policies and procedures were implemented and followed.
This presentation was prepared by Greg Michaels and Terry Mason for the Duff & Phelps Alternative Investments conference.
Cyber Risk: Exposures, prevention, and solutions | Capri Insurance
Paula Garrecht, Partner and Commercial Insurance Broker at Capri Insurance, explores the emerging risk of cyber attacks and data breaches with specific relation to public entities. In the ever changing landscape of business communications and processes we face ever changing risks as well. Learn how to:
1. Identify cyber exposures
2. Minimize those exposures
3. Find the right insurance policy to fit your unique cyber needs
Blockchains: Opportunities & Risks for Law Firms [RelativityFest 2018] | Kroll
With a dramatic increase in high-profile receiverships, regulatory fact finding, and class action lawsuits, it’s clear that cases involving blockchain technology are on the rise—and so is the risk these engagements bring to your firm. Learn what you can do to recognize when digital assets (such as Bitcoin and Ethereum) are involved in an engagement, how to reduce your exposure to risk with proper collection and review processes, and how to uncover and understand all the relevant information.
Presented by Josh McDougall, Director, Cyber Risk at Kroll during RelativityFest 2018
New York Department of Financial Services Cybersecurity Regulations | Shawn Tuma
Getting in Shape – NYDFS Cyber Security Regulations Webinar
Presenters: Shawn Tuma, Cybersecurity & Data Protection Attorney, Scheef & Stone LLP | Bill Belcher, VP Americas, Boldon James
In an initiative to protect New York’s financial services industry, a new State regulation has been introduced to protect consumers and financial institutions from cyber-attacks. Effective March 1, 2017, this risk-driven regulation requires all financial services institutions regulated by the Department of Financial Services (DFS) to establish and maintain a cyber security program that will protect both customers’ private data and the technology that supports this. The impact stretches down through the supply chain, as any organization that conducts business with the NYC financial services sector has to adopt the same level of data protection.
Watch this webcast to learn:
- The key requirements of the NYC Cyber security regulation
- How compliance is about process first, then people and technology
- What organizations need to be doing to ensure they comply
- How data classification can help ensure compliance
NYDFS Cybersecurity Regulations (23 NYCRR 500)
New York is one of the biggest financial hubs in the world; as you can imagine where there is sensitive financial information, there are people who want to get their hands on it. It is for this reason major financial firms operating in New York will face stiff cyber security obligations under the new New York Department of Financial Services Cybersecurity Regulations (23 NYCRR 500). This regulation will apply to firms holding a banking, insurance or financial services licence to operate in New York. 23 NYCRR 500 has been effective as of March 1st 2017, although firms have 180 days from this introduction date to change internal systems in order to meet new compliance and regulation standards. This fact sheet outlines:
- 23 NYCRR 500 overview
- Key dates for covered entities
- Key tasks for compliance
- How Boldon James can help
Please complete the adjoining form to request it.
Georgie Collins and Dan Hedley, Irwin Mitchell LLP presented, "Data breaches and the law, a practical guide" at Flight East 2018. For more information on Black Duck by Synopsys, please visit our website at www.blackducksoftware.com.
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha... | Jim Brashear
Presentation for the North Carolina State Bar seminar on Real Estate Hot Topics on February 20, 2015. This presentation focuses on email security and its role in complying with the ALTA Best Practice on Privacy and Protection of Non-Public Personal Information.
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
-Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
-Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
-Gant Redmon, Esq. General Counsel and VP of Business Development, Co3 Systems
In the modern-day climate, more and more industries have had to increase IT security expenses to provide a trusted system of security to all client/company PII from unauthorized users. The massive spike in IT security spending was brought on by the recent cyber breach on Equifax, in which millions of clients’ PII was accessed and distributed by an unauthorized user infiltrating the system. Like the Equifax attack, so many of these attacks require user interaction to be activated or spread, so organizations must be on the forefront of understanding the internal threats their own employees can impose.
Cyber Security Planning: Preparing for a Data Breach | Fletcher Media
Presented by Clark Insurance in Portland, Maine, this two hour seminar featured lead panelists in the privacy security business.
This presentation reviews all aspects of a data breach from preparation, discovery, plan implementation, cyber insurance, crisis communication and PR policies and protocols.
In this report, we break down the Target attack into 11 detailed steps, beginning with the initial credential theft of Target’s HVAC contractor to the theft of PII and credit cards. Particular attention is given to those steps, unknown until now, such as how the attackers were able to propagate within the network. Throughout this report we highlight pertinent insights into the Tactics, Techniques and Procedures (TTPs) of the attackers. Finally, we provide recommendations on the needed security measures for mitigating similar advanced targeted attacks.
I wrote this paper in 2014 as the VP of Research for Aorato.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
With every Security & Privacy Breach survey pointing towards insiders as a potential threat and incidents leading to data loss and violation of the corporate information security policy, it is imperative that we answer the following questions:
Who are these insiders?
What activities do they carry out to breach security?
Why does an insider seek to cause harm?
How do we mitigate this threat?
Cyber security and demonstration of security tools | Vicky Fernandes
Presentation on Cybersecurity and demonstration of security tools, conducted by Vicky Fernandes on 10th September 2019 at Don Bosco Institute of Technology, Mumbai.
Final presentation january iia cybersecurity securing your 2016 audit plan | Cameron Forbes Over
With 2015 cybersecurity themes and realities nearly in the rearview mirror, “Cybersecurity – Securing your 2016 Audit Plan” will shift our outlook to looking forward into what cybersecurity predictions are being made for 2016, and what key topics and themes will drive 2016 audit planning in the cybersecurity area.
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight | CBIZ, Inc.
In this presentation, you will:
- Gain an understanding of leading edge risk management practices for Credit Unions.
- Gain insight on the Board and Supervisory Committees’ role in the internal control structure.
- Recognize areas of potential weakness in the organization.
- Gain an understanding of the regulatory environment and impact on risk management.
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote) | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
CYBER SECURITY FOR LAW FIRMS
1. CYBER SECURITY FOR LAW FIRMS
What steps your firm should take to protect against a cyber attack
Scott B. Suhy, CEO, NetWatcher.com, scott.suhy@netwatcher.com
Steve Britt, Partner, Berenzweig Leonard, sbritt@berenzweiglaw.com
Steve Rutkovitz, CEO, Choice Cyber Security, steve@choicecybersecurity.com
2. Agenda
• Why law firms are vulnerable to cyber attack
• What are a lawyer’s ethical duties
• The value of privilege & how to obtain it
• The value of the security assessment
• The value of continuous security monitoring
• Q&A
4. Current Data Breach Landscape
• Wiley Rein hacked in 2012
• Cravath, Swaine & Moore + Weil Gotshal & Manges hacked in 2015
• Fenwick & West has been hacked twice
• The 2015 ABA Law Firm Survey of 90,000 respondents reported:
• 25% of firms with at least 100 attorneys have had a breach
• 15% of all firms have had a breach
• 34% of 100 law firms have had clients request a security audit
• Large clients routinely send security due diligence questionnaires
• Most common types of breaches: loss or theft of laptops, thumb drives, smart phones or tablets, spear phishing, and employees/third parties using unauthorized hardware and software (Evernote/Google Drive)
5. • Their organization’s protection level is usually weaker than their corporate counterparts (customers)
• Law firms rarely report a breach…
According to the 2015 ABA Legal Technology Survey Report, 15 percent of overall firms and 25 percent of law firms with at least 100 attorneys have experienced a breach, yet almost half of attorneys say their firms have no data breach response plan in place.
Bottom-line: Law firms are great targets for cybercriminals
6. Case Study: Mossack Fonseca (The Panama Papers)
Confidential details of offshore accounts for 12 world leaders & 128 public officials.
11.5 million confidential documents and 2.6 terabytes of data were stolen.
The firm’s customer-facing WordPress website was running an outdated/vulnerable version of a plugin called ‘Revolution Slider’ that enabled a hacker to exploit a well-known bug and gain access to its mail servers hosted on the same IP network.
The exploit was well known to the hacker community and published back in October 2014; however, the plugin was never updated.
“We have hundreds of law firms that we see increasingly being targeted by hackers.” – Mary Galligan, the special agent in charge of cyber and special operations for the FBI’s New York Office.
7. Why?
Hacktivist
Puckett & Faraj, a Washington-area firm, was hacked by activists associated with the group Anonymous, who were angered by the firm’s representation of a U.S. soldier who pleaded guilty in connection with his role in the death of 24 Iraqi civilians.
Cyberespionage
Gipson Hoffman & Pancione, based in Los Angeles, was hacked because of a software piracy lawsuit it filed against the Chinese government.
Financial Gain
A broker named “Oleras” living in Ukraine was detected at Flashpoint, a New York threat intelligence firm, attempting to hire hackers to break into firms’ computer systems so he could trade on insider information.
Insider Trading
Hackers broke into the computer networks at some of the country’s most prestigious law firms (including Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP). Federal investigators are exploring whether they stole confidential information for the purpose of insider trading, according to people familiar with the matter.
8. • The American Bar Association Model Rules of Professional Conduct require law firms to protect client information (Model Rules 1.1, 1.4 & 1.6)
• 47 states also have Data Breach Notification Laws.
• There are also sector-specific requirements – HIPAA, PCI-DSS…
It is your responsibility to protect your client’s data!
9. • The ABA Commission on Ethics 20/20 added new amendments and comments
• “Lawyers must keep abreast of benefits and risks of technology”
• “Lawyers must take reasonable steps to prevent inadvertent or unauthorized disclosure or unauthorized access to client information.”
• 19 states now have laws dealing with electronic and paper record disposal
Your firm’s reputation is all it has.
You never want to have to put out a release like this:
“Last summer, the Firm identified a limited breach of its IT systems. We have worked closely with law enforcement authorities who have jurisdiction over this matter, and we are not aware that any of the information that may have been accessed has been used improperly. Upon identifying the incident we immediately supplemented our IT security measures with the assistance of additional outside security consultants. Client confidentiality is sacrosanct. We continually invest in state-of-the-art systems and procedures and work with clients and security firms to assess the strength of our protections. We will continue to work to ensure our systems are best in class.”
– Cravath, Swaine & Moore LLP
10. The Value of Attorney Client Privilege
• ACP protects communications between clients and their lawyers in a confidential setting that relate to legal advice and do not further a crime or fraud, as long as the privilege has not been waived
• This privilege is subject to several constraints
• It doesn’t apply based on the parties’ mutual agreement
• In most cases it will not apply to agents of the client unless the agent is necessary to transmit the privileged communication (e.g., translators)
• Lawyer-agents CAN be subject to the attorney-client privilege if the agent is assisting the lawyer in providing legal advice (United States v. Kovel, 296 F.2d 918 (2nd Cir. 1961))
11. A Lawyer-Agent’s Role
• Here are the best practices to demonstrate the necessity of an agent’s role in legal advice:
• Lawyer should document the need for the agent’s assistance and how it will be used
• Agent should work under the lawyer’s direction – not the client’s
• Lawyer should incorporate the agent’s work into the lawyer’s legal advice, rather than simply forwarding the agent’s work, and
• Lawyer should document how he or she used the agent’s work in that advice
13. Lack of Structure
• Most of the industry is “Winging it”
• No Comprehensive Approach
• Lack of a Controlled Framework
• No Structured Solution
14. End to End Solution
The Choice Cybersecurity Approach:
• Assess with a Gap Analysis
• Address vulnerabilities with a multi layered approach
• Maintain an acceptable level of risk through continuous monitoring and scanning
15. Risk Assessment
• In order to move from Protection to Detection you must identify your assets
• Questions to ask:
• What is important to your firm?
• What are you trying to protect?
• What are your threats?
• How would a breach affect your firm?
• How would you respond to a breach of confidentiality?
16. Data Assets
• Data can be anywhere
• Cloud
• Mobile
• Servers
• Workstations
• Phones
• Tablets
• Laptops
17. What is Sensitive Data?
1. Social Security Numbers
2. Credit Cards
3. Date of Birth
4. Driver’s License
5. Passport
6. IP Address
7. Digital Identity
18. Failed Assessment Example
• 666,732 Files Scanned
• 2,162 Suspected Incidents Found
• 327 Files with Suspect Data
• $888,600 Liability
19. 2 Parts of the Risk Assessment
• Identify Vulnerabilities
• Software
• Hardware
• Firewall
• Sensitive Data
22. Protect the Endpoint…
Antivirus doesn’t work all that well anymore…
“Crypting Service”
Example: http://execrypt.com
“This is an automatic online service ExeCrypt which can help you to obfuscate binary data. Our service is indispensable tool to get secure your program content form curious researchers and prevent detection by antivirus programs.”
Follow Gartner for EP Protection Platforms
23. Firewall - Protect the Front Door!
• Firewall
• Unified Threat Management
• Next Generation Firewall
• Managed Firewall
• Intrusion Protection System (IPS)
Great, but not enough…
24. Continuous Monitoring – Know when someone lets the bad guy through the front door…
• Malware Exploit!!!
• Clicking on phishing messages and bad links
• Running outdated software with security vulnerabilities (Flash, Java, Windows…)
• Downloading risky software (TOR, BitTorrent, Telnet, Android apps…)
• Going to explicit websites
• Sending info over the internet in clear text
25. Continuous Monitoring – Know when a bad actor is inside your network…
• Tools used for pen testing are widely available for anyone to leverage (Metasploit, Nmap, OpenVAS, etc.). All are great, but they can be used against you too.
• https://showdan.io
26. What’s the Issue?
• Security hygiene
• Lack of rigorous policy & plans
• Lack of effective monitoring
27. Continuous Monitoring – Know when you are being exploited!
• Command & Control Malware
• Ransomware
• Spyware
28. Continuous Monitoring – Know your score!
• Managed Security Service
• Easy to install
• Easy to use
• Accurate
• Affordable
• For as low as $299 a month
30. Thank You
Scott B. Suhy, CEO, NetWatcher.com, scott.suhy@netwatcher.com
Steve Britt, Partner, Berenzweig Leonard, sbritt@berenzweiglaw.com
Steve Rutkovitz, CEO, Choice Cyber Security, steve@choicecybersecurity.com
Editor's Notes
There are 5M businesses in the US and 125M worldwide that are doing no more than anti-virus and a firewall to secure their enterprises, and they are getting compromised daily. Their customers and compliance mandates are demanding that these 5M businesses do more to secure their infrastructure; however, these enterprises don’t have the resources… We solve this problem!