Firms Must be Conscious of Leaving Themselves Vulnerable to Hackers

Legal practitioners hold, store, and transfer critical, privileged and highly sensitive information entrusted to them, which, by default, makes them prime targets for hackers.

Implementing or enhancing security controls while finding new ways to secure and store clients' information on the firm’s network is imperative for any law firm hoping to avoid becoming the next data breach headline. A single data breach will have a significant impact on a law firm’s reputation and potentially place them on the wrong side of the law, or worse, put them out of business.

The legal community needs to ensure that sensitive data and communications remain “blacked out” except to authorized users, even if traditional perimeter defenses are breached. As legal professionals seek to reduce costs through decentralized cloud computing environments, the risks associated with the current methods of protecting critical data from cyberattack and exploitation are becoming increasingly apparent.

Compliance is mandatory; security is essential, and not an option. The consequences of a data breach include:

  • Loss of Competitiveness - Cybercriminals, and even honest mistakes, can circumvent information technology defense systems. Whether or not the exposure is intentional, valued privileged communications can be exposed and dramatically weaken a firm’s ability to compete.
  • Compliance Breaches - If a firm is not protected from privileged communications breaches, then compliance with relevant policies and mandates becomes an immediate and serious issue. Privileged communications breaches can lead to fines, lost business, malpractice and a host of other penalties and challenges.
  • Damaged Reputation - Client trust and access to new business continue to be precious commodities. A single communications breach hitting the headlines can quickly erode these hard-earned assets. Estimated losses from companies that have been breached have ranged upwards of $200 million for a single event.
  • Lost Productivity - The repercussions from the loss of privileged communications may cost a firm its competitive advantage while efforts at damage control sap resources from conducting daily business.

So, what are some of the ways a law firm can begin to ensure it is both secure and compliant? The first step is to recognize its key vulnerabilities. Below are five areas to examine closely to both mitigate and avoid potential data breach liability.

1. The Best Defense is a Good Offense

The phrase “the best defense is a good offense,” as it applies to cybersecurity, is the premise that “new ways to secure data” are required to enhance and support existing defenses. Data-centric security solutions are required that protect both “data at rest as well as data in motion,” even when a security breach of an existing network or data storage infrastructure occurs.

Data security must be all-inclusive and support the full range of operations from internal and external communications to financial transactions, client records and other data in storage. On a global basis, the legal community is facing an ongoing challenge of how to store and transmit data securely while still being able to access it quickly without interrupting everyday business practice.

2. Commonly Utilized Encryption Is Not Enough

Until now, bulk encryption combined with firewalls has been the most effective solution for protecting data and other assets from internal and external threats. Encryption is the process of transforming information (referred to as plain or accessible text) into an unintelligible scrambling of code (referred to as cipher-text). It utilizes a secret key with an algorithm and is known as “ciphering.” The cipher-text (encrypted data) is designed to be decoded, transformed, and restored back into its original readable and understandable form by utilizing the original cipher algorithm and a secret key. The intent of this process is to secure and protect critical information from theft and exploitation.

Given the plethora of current breaches, it is a proven fact that these defenses were not enough to protect the myriad of Fortune 1000 organizations from data loss. In order to close these types of security gaps, a next-generation data security solution that virtually eliminates the loss of sensitive information is imperative. New forms of technology, such as MicroEncryption technology that uses MicroTokenization to encrypt each file individually down to the byte, can prevent the mass data breaches that have made headlines almost daily.

3. Unsecured Email

Today, various forms of email continue to be the primary method utilized for business communication. Over time, high-level cyber experts have learned that securing email is a complicated challenge. By default, email is “open” as it maneuvers through the Internet and intranets. Email that is not encrypted or protected in a secure manner can potentially be read, intercepted or altered while in transit. To stop these exploitations from happening, end-to-end encryption of email was introduced and widely adopted in the business marketplace. Because email protection is a critical requirement for most businesses, the decision is not whether to implement email protection services, but rather what the best methodology is and how quickly it can be implemented with the least amount of effort and business interruption.

4. Mobile Device Hacking

The portability of laptops, tablets and smartphones provides vulnerabilities that can result in the complete loss of protection afforded by traditional network facility solutions. Today, a Wi-Fi hacking device can be purchased for less than $100 and allows access to a vast majority of wireless local area networks within seconds. A hacker with very little experience can gain access to a device within 30 feet of a coffee shop, restaurant, airport, or while driving down a highway or street. Recent studies found over 56 percent of laptops were broadcasting the name of their trusted Wi-Fi networks and 34 percent were willing to connect to highly unsecure Wi-Fi networks. Wireless Intrusion Prevention Systems (WIPS) offer some defenses; however, few companies make use of them. Additionally, if a firm utilizes a cloud-based file sharing service, the best practice to mitigate risk is to utilize a solution that is both certified by the PCI Security Standards Council and HIPAA compliant.
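The laptop behavior described above (devices naming their trusted networks and joining unsecured ones) can be checked on a firm's own machines by auditing saved Wi-Fi profiles. The following is an added example, not part of the original article; it assumes Linux laptops that store profiles in NetworkManager keyfile format, and the sample profiles are constructed for illustration.

```python
import configparser

WEAK_KEY_MGMT = {"none"}  # in NetworkManager, key-mgmt=none means static WEP

# Constructed sample profiles in NetworkManager keyfile format (not real data).
SAMPLES = {
    "CoffeeShop_Free": "[connection]\ntype=wifi\n[wifi]\nssid=CoffeeShop_Free\n",
    "FirmOffice": "[connection]\ntype=wifi\n[wifi]\nssid=FirmOffice\nhidden=true\n"
                  "[wifi-security]\nkey-mgmt=wpa-eap\n",
    "OldRouter": "[connection]\ntype=wifi\nautoconnect=false\n[wifi]\nssid=OldRouter\n"
                 "[wifi-security]\nkey-mgmt=none\n",
    "HomeWPA2": "[connection]\ntype=wifi\n[wifi]\nssid=HomeWPA2\n"
                "[wifi-security]\nkey-mgmt=wpa-psk\n",
}

def audit_profile(text):
    """Return a list of findings for one saved Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return []
    # Keyfiles may use either the short or the legacy section names.
    wifi = "wifi" if cp.has_section("wifi") else "802-11-wireless"
    sec = "wifi-security" if cp.has_section("wifi-security") else "802-11-wireless-security"
    key_mgmt = cp.get(sec, "key-mgmt", fallback=None)
    autoconnect = cp.getboolean("connection", "autoconnect", fallback=True)
    findings = []
    if key_mgmt is None:
        findings.append("open network (no encryption)")
    elif key_mgmt in WEAK_KEY_MGMT:
        findings.append("WEP (broken encryption)")
    if findings and autoconnect:
        findings.append("auto-joins without user action")
    if cp.getboolean(wifi, "hidden", fallback=False):
        findings.append("hidden SSID: device probes for it by name")
    return findings

def audit(profiles):
    """Map profile name to findings, omitting profiles with nothing to report."""
    report = {name: audit_profile(text) for name, text in profiles.items()}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLES).items():
        print(f"{name}: {'; '.join(findings)}")
```

On a real machine the same function can be fed the contents of the files under `/etc/NetworkManager/system-connections/`, which requires root to read.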

5. Unsecured Text Messages

By sending a simple text message, hackers are gaining the ability to access information and change control settings, and the user would have no indication a breach has occurred. A firm specializing in mobile security recently highlighted this vulnerability in a demonstration using just the information found on a typical business card.

Understanding where potential weaknesses lie is a critical step in protecting any law firm. Ensuring, at minimum, that the five areas listed above are addressed can go a long way towards preventing devastating data breaches. Implementing the proper levels of cyber protection and remaining vigilant in keeping up with the newest technology is key. There are third-party sources such as PC Magazine that can assist your decision-making process regarding the best platforms to consider and implement.

About Author: Steven R. Russo

Steven R. Russo, a well-published cyber expert, is the EVP of CertainSafe, a highly recognized award-winning developer of ultra-secure digital security, payment gateway services as well as file sharing and messaging platforms. CertainSafe has developed methods to secure highly sensitive data at the Micro level using the long-established tokenization process as well as MicroEncryption to add additional layers of protection. This newest technology is expected to change the way businesses and governments are managing security.