SlideShare a Scribd company logo

FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL

M
Matthew Magner
1 of 2
Download to read offline
FINAL New Cyber Threats Pose a Challenge to Law Firms By: Matthew Magner, J.D., CPCU, RPLU Cyber threats seem to be the number one concern for law firms these days, and with good reason. While all law firms are at risk of a data breach, former ABA President, Laurel Bellows, declared that small law firms, in particular, have become cyber criminals’ latest victims. In 2011, Mandiant, an information security company, estimated that 80 U.S. law firms were hacked; looking at more recent studies, it’s not difficult to imagine that the number of law firm data breaches has since increased significantly. In 2014, data breaches worldwide totaled 1,540 up 46% from 2013—representing almost 1 billion data records that were either lost or stolen according to a report by digital security firm Gemalto. As companies find ways to prevent data breaches, the criminals continue to come up with new techniques to steal valuable data. Following are several evolving trends that pose significant security threats to law firms that can be difficult to prevent. However, by educating law firm staff about these trends as well as best practices to protect valuable data, law firms can make it more difficult, if not impossible for criminals to steal data. The WiFi Pineapple is not as sweet as it sounds. With a simple Google search, anyone can purchase this inexpensive device that looks like, and mimics, a wireless router. The Pineapple can pretend to be a legitimate Wi-Fi source, enabling a cybercriminal to intercept transmissions, record keystrokes or redirect victims to malicious websites. For instance, law firm staff accessing free Wi-Fi while staying at a hotel during a business trip or catching up on e-mails at a favorite coffee shop, could find that their laptop or smart phone is being intercepted by a Pineapple device that is capturing user names and passwords. Side channel emissions are tiny signals emitted by an electronic device, such as a laptop or smart phone even when it’s not connected to the Internet, that can offer hackers a big win. Hackers, located several feet away from the device or even in another room, can listen to these signals and hijack what is being typed. For instance, an attorney preparing a sensitive trial strategy report on an airplane may not realize that the laptop will emit acoustic signals that can be picked up by an antenna, microphone or radio placed nearby, possibly hidden in a briefcase, and provide the hacker with valuable attorney-client information--without the attorney ever accessing the internet.
Another threat to law firms are office copiers, fax machines and printers, which often contain hard drives not unlike those in desktop computers. These hard drives are capable of storing massive amounts of information; this may include tax returns, medical records, financial information and more. In some cases, vendors or employees may access these hard drives without authorization, or criminals may “rescue” discarded copiers/fax machines/printers and their hard drives that still contain valuable data. Law firms can help mitigate their exposure to these new threats as well as other data breach risks by following best practices. • Look Alert. Employees should be aware of their surroundings when they access the Internet outside of the office, especially if someone has placed an unusual object nearby; it could be a device that is capturing keystrokes. Tell employees to try to avoid logging on to password protected sites while using public Wi-Fi. • Wipe It Clean. Confirm that encryption technology is used for hard drives in printers, fax machines and copiers, and that the data is wiped or destroyed prior to disposal of the device. Never use a public copier for sensitive information. • Take Precautions. Turn off the Wi-Fi on electronic devices when you don’t need an Internet connection, and only use a network that is WPA-encrypted and requires a password. Consider purchasing VPN (virtual private network) software or an App for your mobile device that will encrypt your connection. Law firms should also consider consulting with a legal professional regarding their practices and purchasing a cybersecurity (network security and privacy) policy. Most lawyer’s professional liability policies require that the definition of “professional services” be triggered for liability claims and do not extend coverage to the myriad of first-party exposures such as forensic and compliance assessment expenses, notification costs, business interruption expenses, fines and penalties, and extortion demands. But, perhaps the most important line of defense is education. Educating law firm staff about these trends and best practices can help keep hackers out of your firm’s network. Matt Magner is a senior underwriting officer for the Chubb Group of Insurance Companies can be contacted at mmagner@chubb.com.

Recommended

Traditional problem associated with cyber crime
Traditional problem associated with cyber crimeTraditional problem associated with cyber crime
Traditional problem associated with cyber crimevishalgohel12195
 
Cyber crime paper
Cyber crime paperCyber crime paper
Cyber crime paperaymancoo
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsBlake A. Klinkner
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenVidaB
 
Computer crime
Computer crimeComputer crime
Computer crimeUc Man
 
E commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedE commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedVidaB
 
Computer crime
Computer crimeComputer crime
Computer crimeVinil Patel
 
Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & securityPriyab Satoshi
 

Recommended

Traditional problem associated with cyber crime
Traditional problem associated with cyber crimeTraditional problem associated with cyber crime
Traditional problem associated with cyber crimevishalgohel12195
 
Cyber crime paper
Cyber crime paperCyber crime paper
Cyber crime paperaymancoo
 
Protecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsProtecting Your Law Office Against Data Breaches and Other Cyber Threats
Protecting Your Law Office Against Data Breaches and Other Cyber ThreatsBlake A. Klinkner
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenVidaB
 
Computer crime
Computer crimeComputer crime
Computer crimeUc Man
 
E commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedE commerce fraud chapter 17 B Ahmed
E commerce fraud chapter 17 B AhmedVidaB
 
Computer crime
Computer crimeComputer crime
Computer crimeVinil Patel
 
Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & securityPriyab Satoshi
 
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Computer Crime
Computer CrimeComputer Crime
Computer CrimeAdeel Rasheed
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MISAmirul Shafiq Ahmad Zuperi
 
Hackers
HackersHackers
HackersAlvaro Cipriano
 
Hackers
HackersHackers
Hackersguesta04f59b
 
The disadvantages of ict
The disadvantages of ictThe disadvantages of ict
The disadvantages of ictcyb1337
 
Cybercrime And Computer Misuse Cases
Cybercrime And Computer Misuse CasesCybercrime And Computer Misuse Cases
Cybercrime And Computer Misuse CasesAshesh R
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimeslittle robie
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Computer crime
Computer crime Computer crime
Computer crimeAnika Rahman Orin
 
Software Piracy
Software PiracySoftware Piracy
Software Piracyjvonschilling
 
Disadvantages of-i ct-woww
Disadvantages of-i ct-wowwDisadvantages of-i ct-woww
Disadvantages of-i ct-wowwFloroRaphaell
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
Information Security
Information SecurityInformation Security
Information Securitysteffiann88
 
Ethics piracy
Ethics piracyEthics piracy
Ethics piracyHamail A Ahmed
 
Apt 510 slideshare
Apt 510 slideshareApt 510 slideshare
Apt 510 slideshareShondaRobinson2
 
Cyber laws
Cyber lawsCyber laws
Cyber lawsManali Khadaria
 
MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverPJStarr
 
Information security
Information securityInformation security
Information securityLaxmiprasad Bansod
 

More Related Content

What's hot

COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINamiable_indian
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
The disadvantages of ict
The disadvantages of ictThe disadvantages of ict
The disadvantages of ictcyb1337
 
Cybercrime And Computer Misuse Cases
Cybercrime And Computer Misuse CasesCybercrime And Computer Misuse Cases
Cybercrime And Computer Misuse CasesAshesh R
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentationashishjoshi
 
Disadvantages of-i ct-woww
Disadvantages of-i ct-wowwDisadvantages of-i ct-woww
Disadvantages of-i ct-wowwFloroRaphaell
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
Information Security
Information SecurityInformation Security
Information Securitysteffiann88
 

What's hot (20)

COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAINCOMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security Summit
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Computer Crime
Computer CrimeComputer Crime
Computer Crime
 
Chapter 8 securing information systems MIS
Chapter 8 securing information systems MISChapter 8 securing information systems MIS
Chapter 8 securing information systems MIS
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
The disadvantages of ict
The disadvantages of ictThe disadvantages of ict
The disadvantages of ict
 
Cybercrime And Computer Misuse Cases
Cybercrime And Computer Misuse CasesCybercrime And Computer Misuse Cases
Cybercrime And Computer Misuse Cases
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimes
 
Data Privacy Micc Presentation
Data Privacy Micc PresentationData Privacy Micc Presentation
Data Privacy Micc Presentation
 
Computer crime
Computer crime Computer crime
Computer crime
 
Software Piracy
Software PiracySoftware Piracy
Software Piracy
 
Disadvantages of-i ct-woww
Disadvantages of-i ct-wowwDisadvantages of-i ct-woww
Disadvantages of-i ct-woww
 
Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT Policy
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law
 
Information Security
Information SecurityInformation Security
Information Security
 
Ethics piracy
Ethics piracyEthics piracy
Ethics piracy
 
Apt 510 slideshare
Apt 510 slideshareApt 510 slideshare
Apt 510 slideshare
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 

Similar to FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL

MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverPJStarr
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForcePatrick Bouillaud
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
Most Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesMost Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesBryTech INC
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptxRajviNikeetaRathore
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksSocialKwan
 
Cyber security and mobile devices
Cyber security and mobile devicesCyber security and mobile devices
Cyber security and mobile devicesUmer Saeed
 
Managing data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur guptaManaging data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur guptaAankur Gupta
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for LawyersMark Lanterman
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environmentIBM Software India
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfkostikjaylonshaewe47
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber securityHelen Carpenter
 
Print Security - Are Business Complacent?
Print Security - Are Business Complacent?Print Security - Are Business Complacent?
Print Security - Are Business Complacent?Adrian Boucek
 

Similar to FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL (20)

MindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no coverMindingTheCloud_NPR_Sum2014-no cover
MindingTheCloud_NPR_Sum2014-no cover
 
Information security
Information securityInformation security
Information security
 
Data security
Data security Data security
Data security
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
Most Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling EnterprisesMost Important Data Security Concerns Troubling Enterprises
Most Important Data Security Concerns Troubling Enterprises
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
Crimes in digital marketing..pptx
Crimes in digital marketing..pptxCrimes in digital marketing..pptx
Crimes in digital marketing..pptx
 
Protecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaksProtecting Intellectual Property in the Age of WikiLeaks
Protecting Intellectual Property in the Age of WikiLeaks
 
Cyber security and mobile devices
Cyber security and mobile devicesCyber security and mobile devices
Cyber security and mobile devices
 
Managing data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur guptaManaging data security and privacy in call centres ankur gupta
Managing data security and privacy in call centres ankur gupta
 
Task 3
Task 3Task 3
Task 3
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for Lawyers
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
Print Security - Are Business Complacent?
Print Security - Are Business Complacent?Print Security - Are Business Complacent?
Print Security - Are Business Complacent?
 

FINAL Disclosures Art-Cyber Threats n Law Firms-Magner FINAL

  • 1. FINAL New Cyber Threats Pose a Challenge to Law Firms By: Matthew Magner, J.D., CPCU, RPLU Cyber threats seem to be the number one concern for law firms these days, and with good reason. While all law firms are at risk of a data breach, former ABA President, Laurel Bellows, declared that small law firms, in particular, have become cyber criminals’ latest victims. In 2011, Mandiant, an information security company, estimated that 80 U.S. law firms were hacked; looking at more recent studies, it’s not difficult to imagine that the number of law firm data breaches has since increased significantly. In 2014, data breaches worldwide totaled 1,540 up 46% from 2013—representing almost 1 billion data records that were either lost or stolen according to a report by digital security firm Gemalto. As companies find ways to prevent data breaches, the criminals continue to come up with new techniques to steal valuable data. Following are several evolving trends that pose significant security threats to law firms that can be difficult to prevent. However, by educating law firm staff about these trends as well as best practices to protect valuable data, law firms can make it more difficult, if not impossible for criminals to steal data. The WiFi Pineapple is not as sweet as it sounds. With a simple Google search, anyone can purchase this inexpensive device that looks like, and mimics, a wireless router. The Pineapple can pretend to be a legitimate Wi-Fi source, enabling a cybercriminal to intercept transmissions, record keystrokes or redirect victims to malicious websites. For instance, law firm staff accessing free Wi-Fi while staying at a hotel during a business trip or catching up on e-mails at a favorite coffee shop, could find that their laptop or smart phone is being intercepted by a Pineapple device that is capturing user names and passwords. Side channel emissions are tiny signals emitted by an electronic device, such as a laptop or smart phone even when it’s not connected to the Internet, that can offer hackers a big win. Hackers, located several feet away from the device or even in another room, can listen to these signals and hijack what is being typed. For instance, an attorney preparing a sensitive trial strategy report on an airplane may not realize that the laptop will emit acoustic signals that can be picked up by an antenna, microphone or radio placed nearby, possibly hidden in a briefcase, and provide the hacker with valuable attorney-client information--without the attorney ever accessing the internet.
  • 2. Another threat to law firms are office copiers, fax machines and printers, which often contain hard drives not unlike those in desktop computers. These hard drives are capable of storing massive amounts of information; this may include tax returns, medical records, financial information and more. In some cases, vendors or employees may access these hard drives without authorization, or criminals may “rescue” discarded copiers/fax machines/printers and their hard drives that still contain valuable data. Law firms can help mitigate their exposure to these new threats as well as other data breach risks by following best practices. • Look Alert. Employees should be aware of their surroundings when they access the Internet outside of the office, especially if someone has placed an unusual object nearby; it could be a device that is capturing keystrokes. Tell employees to try to avoid logging on to password protected sites while using public Wi-Fi. • Wipe It Clean. Confirm that encryption technology is used for hard drives in printers, fax machines and copiers, and that the data is wiped or destroyed prior to disposal of the device. Never use a public copier for sensitive information. • Take Precautions. Turn off the Wi-Fi on electronic devices when you don’t need an Internet connection, and only use a network that is WPA-encrypted and requires a password. Consider purchasing VPN (virtual private network) software or an App for your mobile device that will encrypt your connection. Law firms should also consider consulting with a legal professional regarding their practices and purchasing a cybersecurity (network security and privacy) policy. Most lawyer’s professional liability policies require that the definition of “professional services” be triggered for liability claims and do not extend coverage to the myriad of first-party exposures such as forensic and compliance assessment expenses, notification costs, business interruption expenses, fines and penalties, and extortion demands. But, perhaps the most important line of defense is education. Educating law firm staff about these trends and best practices can help keep hackers out of your firm’s network. Matt Magner is a senior underwriting officer for the Chubb Group of Insurance Companies can be contacted at mmagner@chubb.com.