[ISN] 25 Tips to Prevent Law Firm Data Breaches

From: InfoSec News <alerts_at_private>
Date: Thu, 8 Nov 2012 03:08:26 -0600 (CST)
http://www.wisbar.org/AM/Template.cfm?Section=Wisconsin_Lawyer&template=/CM/ContentDisplay.cfm&contentid=114269

By Sharon D. Nelson & John W. Simek
Wisconsin Lawyer
Vol. 85, No. 11, November 2012

Another day, another data breach. Data breaches have proliferated with 
amazing speed. Here is the roundup of some of the largest victims in 
2011 alone: Tricare, Nemours, Epsilon, WordPress, Sony, HB Gary, 
TripAdvisor, Citigroup, NASA, Lockheed Martin, and RSA Security. Some 
mighty big names on that list.

Don't be lulled into thinking that law firms (large and small) aren't 
suffering data breaches just because they don't have millions of clients 
affected. On Nov. 1, 2009, the FBI issued an advisory, warning law firms 
that they were specifically being targeted by hackers. Rob Lee, an 
information security specialist who investigates data breaches for the 
security company Mandiant, estimated that 10 percent of his time in 2010 
was spent investigating law firm data breaches.

Matt Kesner, the CIO of Fenwick and West LLP, has lectured at ABA 
TECHSHOW and appeared on a podcast acknowledging that his law firm has 
been breached twice. As he has also noted, it is very unlikely that we 
know of most law firm data breaches because the firms have a deeply 
vested interest in keeping breaches quiet. This may be less true in the 
future now that 46 states, including Wisconsin, have data breach 
notification laws. But as of October 2012, there is still no federal 
data breach notification law.

Shane Sims, a security practice director at PricewaterhouseCoopers, has 
said, "Absolutely, we've seen targeted attacks against law firms in the 
last 12 to 24 months because hackers, including state sponsors, are 
realizing there's economic intelligence in those networks, especially 
related to business deals, mergers, and acquisitions." Matt Kesner has 
noted that China is often responsible for state-sponsored hacking – but 
that China doesn't waste its "A" squads on law firms: because law firm 
security is so dreadful, the rookies on the "C" squads are good enough 
to penetrate most firms.

[...]


Received on Thu Nov 08 2012 - 01:08:26 PST