By Jeffrey Manfredonia, Kraft & Kennedy, Inc.
More and more law firms are starting security programs. They often ask us where to begin: what makes up the foundation of a solid security program? Which measures are necessary, as opposed to nice-to-have?
Law firms finally taking cybersecurity seriously
The legal industry is right to get serious about security.
The FBI has issued multiple warnings over recent years that law firms are regarded as weak links by hackers looking to get to corporate secrets, such as upcoming deals and intellectual property, or to hold data for ransom.
It has taken the clients, however, to finally get law firms to start listening. Companies are now requiring their representation to complete detailed 60-page audits and show proof of the technology they are using to stop intrusions.
The New York Times reports, “In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased scrutiny or requesting that firms add insurance coverage for data breaches to their malpractice policies.”
Big-firm security on a small budget
These days an increasing number of big law firms have a security operations center (SOC) on staff. This team of security analysts maintains the network’s defenses and monitors for intrusions. Algorithmic software scans for suspicious activity while analysts review the alerts. This human-machine model of security, in which computers flag abnormalities and expert humans apply their judgment, is the leading standard for corporate security today.
It’s not just the multi-thousand-lawyer firms that are getting targeted. Going so far as to build an on-site SOC, however, is understandably cost-prohibitive for most small and mid-sized firms.
Today, lightweight software-as-a-service (SaaS) products and managed security services providers make big-firm security possible on a budget. Kraft Kennedy, for instance, offers a 24/7/365 outsourced SOC that many smaller law firms find to be a good fit for their security needs.
Another current security term to add to your tech vocabulary is SIEM (security information and event management). The SIEM model encompasses software as well as managed services. The goal is a holistic view of an organization’s IT that allows for comprehensive security.
The checklist below covers the basics of a typical SIEM program.
The data security checklist:
Email Targeted Threat Protection
Email, according to the Director of Kraft Kennedy’s Security Practice, John Kogan, is not only your firm’s most prominent communication platform but also the application most susceptible to attack.
Email filtering solutions such as Mimecast defend your organization from spear-phishing, ransomware, impersonation, and other targeted attacks. They are programmed to detect malicious URLs, impersonation attempts, infected email attachments, and more.
Security Awareness Program
Human behavior, arguably the single most important aspect of any security program, is unfortunately also the hardest to control. While many people are confident that they can spot a fraudulent email or website, cybercriminals find these tactics to be extremely effective. Just late last year, a judge ruled that a hacked real estate firm would ultimately be responsible for the $500,000 it lost when a deceived partner transferred it to a hacker.
Kraft Kennedy conducts fake phishing attacks by email and phone as part of our security training programs. Before training, a shockingly high percentage of people fall for these ruses. Post-training, the number drops dramatically, usually to zero.
Malware and Anti-Virus protection
Antivirus and antispyware scans detect viruses and other security risks in real time, including spyware, adware, and other files that can put a computer or a network at risk.
Web filtering solutions block suspicious websites and pop-ups. Some programs, such as Umbrella, can also prevent an infected device from connecting to an attacker’s servers or spreading the malware throughout the firm’s network.
Vulnerability scans run configuration and compliance checks, malware detection, web application scanning, and more. They allow administrators to easily run reports, filter data, and share results in a variety of formats to help others in the organization understand and address vulnerabilities.
Security Log Management and Policy Change Management
Together, these two types of solutions allow administrators to see unauthorized attempts to connect to the firm’s resources. They are able to detect suspicious activity such as a new user profile suddenly added to a lawyer’s computer, an unusual log-in, or sensitive personal data, such as credit card numbers, stored where it doesn’t belong.
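As an added illustration (not Kraft Kennedy’s tooling or any product’s code), the script below applies two of the checks described above to constructed sample data: it flags new-account creation and off-hours logons in log lines, and it finds card numbers stored in text by pattern plus the Luhn check. The log format, host names and business hours are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample log lines in an assumed key=value format (not real data).
SAMPLE_LOGS = [
    "2024-03-04T02:13:09 host=LAW-WS-17 event=USER_CREATED user=svc_tmp by=jdoe",
    "2024-03-04T09:02:11 host=LAW-WS-17 event=LOGON user=jdoe result=success",
    "2024-03-04T23:41:55 host=LAW-FS-01 event=LOGON user=jdoe result=success",
    "2024-03-04T23:42:30 host=LAW-FS-01 event=LOGON user=jdoe result=failure",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) ?(?P<rest>.*)$")

def parse_line(line):
    """Parse one log line into a dict; return None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update(kv.split("=", 1) for kv in rec.pop("rest").split() if "=" in kv)
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def find_alerts(lines, business_hours=(8, 19)):
    """Return (rule, host, user) tuples for new accounts and off-hours logons."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["event"] == "USER_CREATED":
            alerts.append(("new-account", rec["host"], rec.get("user")))
        elif rec["event"] == "LOGON" and not (business_hours[0] <= rec["ts"].hour < business_hours[1]):
            alerts.append(("off-hours-logon", rec["host"], rec.get("user")))
    return alerts

def luhn_ok(digits):
    """Luhn checksum: weeds out most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0

# 13 to 16 digits, optionally separated by spaces or dashes, not inside a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")

def find_card_numbers(text):
    """Return normalized card numbers found in text that pass the Luhn check."""
    return [re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]
```

In a real deployment the same rules would run inside the SIEM against collected Windows, firewall and file-server logs rather than over an in-memory list.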
Firewall
The firewall provides a barrier between the computer and the Internet, preventing unauthorized users from accessing the computers and networks. It detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic.
Intrusion Prevention System
The intrusion prevention system (IPS) is the second layer of defense after the firewall. It is a network-based system that inspects traffic passing the firewall; if a known attack is detected, one or more intrusion prevention technologies can automatically block it.
Endpoint Tracking and Modeling
Endpoint modeling delivers a continuous, unobstructed understanding of the behavior of every device connected to a firm’s network, regardless of function. Programs such as Observable provide rapid identification of indicators of compromise and are low-cost and efficient.
Can your firm check these nine defenses off the list?
If the answer is no or you are uncertain, I encourage you to get in touch with me at email@example.com before your firm is compromised. Kraft Kennedy is offering vulnerability scans with special ALANYC community pricing to keep members protected.