Ignorance of cybersecurity is no excuse

Law

Target. Yahoo. eBay. Netflix. JP Morgan Chase. The U.S. Office of Personnel Management. Sony. Ashley Madison. The Democratic National Committee. LinkedIn. Home Depot.

What do all of those companies have in common? They all have been the victim of cybersecurity breaches.

Imagine how attractive a law firm that specializes in medical malpractice or personal injury is to a hacker. Or what about a defense firm with terabytes of business emails, trade secrets and financial information?

A law firm that keeps any kind of sensitive data is subject to regulatory violations and lawsuits if that information is compromised. A multi-million-dollar global company might be able to overcome a cybersecurity breach, but a small to mid-sized law firm might not.

"There are two types of firms: those that know they’ve been (cyber) attacked and those that don’t." - Jill Rhodes, co-author of “The ABA Cybersecurity Handbook”

The Health Insurance Portability and Accountability Act (HIPAA) became law in 1996, and it was amended in 2009 to mandate that business associates of covered entities comply with several provisions, including those related to security and privacy. The amendment also calls for stricter enforcement of compliance failures.

But it isn’t just HIPAA that a lawyer needs to worry about in terms of cybersecurity. Clients’ personal financial records, business dealings, sealed family law filings, even criminal court records all could be breached if a lawyer or law firm hasn’t taken adequate precautions to protect their computer systems and networks.

And even that might not be enough. Cloud technology, email, smartphones and other wireless devices all provide another entrance for potential hackers.

Careers – those of lawyers and their clients – can be destroyed, and businesses have crumbled due to breaches in security. No matter the industry, customers deserve to know that their information is protected.

For proof of potential damage, an attorney just needs to take a quick look at recent headlines.

The Chicago law firm of Johnson & Bell Ltd. was hit with a class action lawsuit after it failed to protect client data. Panama-based Mossack Fonesca also was breached, resulting in millions of documents and terabytes of leaked data involving dozens of companies, celebrities and global leaders.

The same goes for a handful of New York law firms that were hacked. Cravath, Swaine & Moore as well as Weil Gotshal & Manges were the victims; hackers were looking for insider-trading information related to planned business mergers, according to The Wall Street Journal. The hackers used the information to steal more than $4 million, according to reports.

And just this summer, the global firm of DLA Piper was the victim of a ransomware attack that affected computers and phones across the company.

“The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” the firm said in a statement. “We are taking steps to remedy the issue as quickly as possible.”

As of now, 26 states require lawyers to keep up with changes in legal technology. Florida even requires regular CLE technology credits.

Enter Advantage Technology

Advantage Technology has the technology and personnel in place to address any shortcomings your law practice has in its cybersecurity plans, if it even has one. Rob Dixon, Advantage Technology’s Director of Information Security Services, has a long history of protecting information.

“We deliver a number of advisory services in addition to security compliance testing, awareness training and other professional security services,” Dixon says of the Advantage Technology team. “I have nearly 20 years of industry experience in information security, with a strong background in security operations, applied threat intelligence, policy development, operational procedure development, incident management, malware research, network defense architectures, network penetration testing, intrusion prevention technologies, endpoint protection and analysis and counterintelligence control operations.”

Meet Rob Dixon

Before joining Advantage Technology, Dixon was the Director of Global Threat Intelligence for one of the largest private security firms in the world. He assisted in architecting security automation and orchestration platforms and enhanced threat analysis. He also created a real-world simulation testing framework for structured security testing to validate the effectiveness of security products.

In his role with the Global Threat Intelligence team, he led up the development of dark web research methodologies and industry specific honeypots (a computer system that is set up to act as a decoy to lure bad actors) for intelligence collection. He also previously was Cyber-Security Operations Manager for the State of West Virginia’s Office of Technology, where he provided security guidance and expertise to military leadership, government executives and agency heads.

In today’s world, information security isn’t a luxury. It’s an absolute necessity.

Unfortunately, most businesses can’t afford a C-Suite level executive to manage their information security. CISOs are in demand, and as a result they demand competitive salaries. There is a lot of time involved in onboarding a new CISO and CISOs require ongoing, specialized training.
This is where Advantage Technology’s Virtual CISO comes in.

With Dixon as your Virtual CISO, Advantage Technology has developed products and programs that can provide you with the value of a CISO on an on-demand basis – keeping your information secure while saving you money.