[ISN] 25 Tips to Prevent Law Firm Data Breaches
By Sharon D. Nelson & John W. Simek
Vol. 85, No. 11, November 2012

Another day, another data breach. Data breaches have proliferated with
amazing speed. Here is the roundup of some of the largest victims in
2011 alone: Tricare, Nemours, Epsilon, WordPress, Sony, HBGary,
TripAdvisor, Citigroup, NASA, Lockheed Martin, and RSA Security. Some
mighty big names on that list.

Don't be lulled into thinking that law firms (large and small) aren't
suffering data breaches just because they don't have millions of clients
affected. On Nov. 1, 2009, the FBI issued an advisory, warning law firms
that they were specifically being targeted by hackers. Rob Lee, an
information security specialist who investigates data breaches for the
security company Mandiant, estimated that 10 percent of his time in 2010
was spent investigating law firm data breaches.

Matt Kesner, the CIO of Fenwick and West LLP, has lectured at ABA
TECHSHOW and appeared on a podcast acknowledging that his law firm has
been breached twice. As he has also noted, it is very unlikely that we
know of most law firm data breaches because the firms have a deeply
vested interest in keeping breaches quiet. This may be less true in the
future now that 46 states, including Wisconsin, have data breach
notification laws. But as of October 2012, there is still no federal
data breach notification law.

Shane Sims, a security practice director at PricewaterhouseCoopers, has
said, "Absolutely, we've seen targeted attacks against law firms in the
last 12 to 24 months because hackers, including state sponsors, are
realizing there's economic intelligence in those networks, especially
related to business deals, mergers, and acquisitions." Matt Kesner has
noted that China is often responsible for state-sponsored hacking -- but
that China doesn't waste its "A" squads on law firms: because law firm
security is so dreadful, the rookies on the "C" squads are good enough
to penetrate most firms.