SlideShare una empresa de Scribd logo

Cybersecurity for Your Law Firm: Data Security and Data Encryption

Shawn Tuma
Shawn Tuma

This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course Essentials of Business Law:Four Modules for a Robust Practice Cosponsored by the Business Law Section of the State Bar of Texas.

Derecho
1 de 19
Descargar para leer sin conexión
www.solidcounsel.com
Cybersecurity: A Legal Issue?
www.solidcounsel.com Ethics – Specific Attorney Risks. ▪ Law firm cybersecurity – this applies to law firms and attorneys. ▪ Clients are demanding adequate security (firms are their third-party risk). ▪ Law firms are an increasingly popular target. ▪ Value and sensitivity of data. ▪ Data for multiple clients. ▪ “A lawyer should preserve the confidences and secrets of a client.” ▪ Ethics Opinion 384 (Sept. 1975) ▪ Canon No. 4, Code of Professional Responsibility ▪ Disciplinary Rule (DR) 4-101 (A) and (B)
www.solidcounsel.com What do you think? Sophisticated James Bond-like attacks? or Simple things, people doing dumb things?
www.solidcounsel.com The real-world threats are not so sophisticated. Easily preventable • 90% in 2014 • 91% in 2015 • 63% confirmed breaches from weak, default, or stolen passwords • Data is lost over 100x more than stolen • Phishing used most to install malware Easily preventable • 90% in 2014 • 91% in 2015
www.solidcounsel.com Start with the basics. “Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” -Vince Lombardi * If you want to talk deep programming- type issues, see Section VII of paper.
www.solidcounsel.com Our objective is to protect IP. Which of the following aspects of the IP are we most focused on protecting? 1. Confidentiality 2. Integrity 3. Availability 4. All of the above “CIATriad” of cybersecurity
www.solidcounsel.com Cybersecurity “CIA” examples. ▪ Stuxnet ▪ Integrity ▪ German steel mill ▪ Integrity ▪ Sony ▪ Availability ▪ Confidentiality ▪ Target ▪ Confidentiality
www.solidcounsel.com Malicious • compete • newco • Sabotage • disloyal insider Negligence • email • usb • passwords Blended • foot out the door • misuse of network • stealing data • negligence with data • violate use policies Hacking / Cracking Social Engineering Malware Stealing Planting Corrupting Who are the primary threats?
www.solidcounsel.com Threat Vectors Network Website Email BYOD USBGSM Internet Surfing Business Associates People
To protect law firm, you must: • Protect our companies’ data • Confidentiality • Integrity • Availability • Against threats from • Insiders • Outsiders • Third-party partners
www.solidcounsel.com Cybersecurity needs for companies (and firms). ▪ Strong cybersecurity basics. ▪ Policies and procedures focused on cybersecurity. ▪ Social engineering. ▪ Password and security questions ▪ Training of all employees. ▪ Phish all employees (esp. executives). ▪ Signature based antivirus and malware detection. ▪ Multi-factor authentication. ▪ Backups segmented from the network. ▪ Incident response plan. ▪ Encryption for sensitive and air-gap for hypersensitive data. ▪ Adequate logging and retention. ▪ Third-party security and supply chain risk management.* ▪ Intrusion detection and intrusion prevention systems.*
www.solidcounsel.com Encryption -- oh, this is hard, how do I encrypt? (Appendix B)
www.solidcounsel.com Encryption – encrypt Adobe .pdf documents
www.solidcounsel.com Encryption – encrypt Word documents
www.solidcounsel.com Incident Response • Appendix A • Goal is to execute IRP • This is check list, not an IRP • How detailed? • Tabletop exercises
www.solidcounsel.com Cyber Risk Assessment Strategic Planning Deploy Defense Assets Develop, Implement &Train on P&P Tabletop Testing Reassess & Refine Cybersecurity Risk Management Program
www.solidcounsel.com • Board of Directors & General Counsel, Cyber Future Foundation • Board of Advisors, NorthTexas Cyber Forensics Lab • Cybersecurity & Data Privacy LawTrailblazers, National Law Journal (2016) • SuperLawyersTop 100 Lawyers in Dallas (2016) • SuperLawyers 2015-16 (IP Litigation) • Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law) • Council, Computer &Technology Section, State Bar ofTexas • Privacy and Data Security Committee of the State Bar ofTexas • College of the State Bar ofTexas • Board of Directors, Collin County Bench Bar Foundation • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science &Technology Committee of the American Bar Association • NorthTexas Crime Commission, Cybercrime Committee • Infragard (FBI) • International Association of Privacy Professionals (IAPP) • Board of Advisors Office of CISO, Optiv Security • Editor, Business Cybersecurity Business Law Blog Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com

Recomendados

Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
ANGIEPAEZ304
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
Net at Work
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 
Ppt
PptPpt
Ppt
Geetu Khanna
 

Recomendados

Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
ANGIEPAEZ304
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
Net at Work
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
Animesh Roy
 
Ppt
PptPpt
Ppt
Geetu Khanna
 
CYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxCYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptx
Weyai1
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Edureka!
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
Bill Gardner
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
Rashad Aliyev
 
information security
information securityinformation security
information security
university of karachi
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
Tuan Phan
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Ramiro Cid
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
MohanPandey31
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
Shriya Rai
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
Evolve IP
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response Planning
PECB
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
Edwin A. Opare
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
Krutarth Vasavada
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
Paige Rasid
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
Surya Bathulapalli
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
McKonly & Asbury, LLP
 
Cyber security
Cyber securityCyber security
Cyber security
manoj duli
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
Nikunj Thakkar
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Shawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach Response
Shawn Tuma
 

Más contenido relacionado

La actualidad más candente

CYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxCYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptx
Weyai1
 

La actualidad más candente (20)

CYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxCYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptx
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
 
Building An Information Security Awareness Program
Building An Information Security Awareness ProgramBuilding An Information Security Awareness Program
Building An Information Security Awareness Program
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
information security
information securityinformation security
information security
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Security of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptxSecurity of IOT,OT And IT.pptx
Security of IOT,OT And IT.pptx
 
NIST cybersecurity framework
NIST cybersecurity frameworkNIST cybersecurity framework
NIST cybersecurity framework
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Cyber Security Incident Response Planning
Cyber Security Incident Response PlanningCyber Security Incident Response Planning
Cyber Security Incident Response Planning
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cybersecurity Employee Training
Cybersecurity Employee TrainingCybersecurity Employee Training
Cybersecurity Employee Training
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
 
Cyber security
Cyber securityCyber security
Cyber security
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 

Destacado

Industrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentationIndustrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentation
Gavin Davey
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
Prince Chandu
 

Destacado (15)

Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach Response
 
Guide to Computer Hacking Laws in Texas: Federal Computer Fraud and Abuse Act...
Guide to Computer Hacking Laws in Texas: Federal Computer Fraud and Abuse Act...Guide to Computer Hacking Laws in Texas: Federal Computer Fraud and Abuse Act...
Guide to Computer Hacking Laws in Texas: Federal Computer Fraud and Abuse Act...
 
Industrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentationIndustrial Cybersecurity & SCADA hacks presentation
Industrial Cybersecurity & SCADA hacks presentation
 
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
Recent Cybersecurity Concerns and How to Protect SCADA/HMI Applications Prese...
 
InduSoft Speaks at Houston Infragard on February 17, 2015
InduSoft Speaks at Houston Infragard on February 17, 2015InduSoft Speaks at Houston Infragard on February 17, 2015
InduSoft Speaks at Houston Infragard on February 17, 2015
 
chile-2015 (2)
chile-2015 (2)chile-2015 (2)
chile-2015 (2)
 
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security Tutorial
 
Cybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar AssociationsCybersecurity Fundamentals for Bar Associations
Cybersecurity Fundamentals for Bar Associations
 
Data security in cloud computing
Data security in cloud computingData security in cloud computing
Data security in cloud computing
 

Similar a Cybersecurity for Your Law Firm: Data Security and Data Encryption

Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Shawn Tuma
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Resilient Systems
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
EC-Council
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of Cybersecurity
TruShield Security Solutions
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
Darren Argyle
 

Similar a Cybersecurity for Your Law Firm: Data Security and Data Encryption (20)

The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
 
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Cyber Security and the Impact on your Business
Cyber Security and the Impact on your BusinessCyber Security and the Impact on your Business
Cyber Security and the Impact on your Business
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing business
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in CorporationsManaging Frequently Overlooked Risks & Threats (FORTS) in Corporations
Managing Frequently Overlooked Risks & Threats (FORTS) in Corporations
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of Cybersecurity
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration Recommendations
 
CRI Extract from "Cyber Lessons from the Front lines"
CRI Extract from "Cyber Lessons from the Front lines"CRI Extract from "Cyber Lessons from the Front lines"
CRI Extract from "Cyber Lessons from the Front lines"
 

Más de Shawn Tuma

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
Shawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
 

Más de Shawn Tuma (20)

Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital Engagement
 
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for Cybersecurity
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 

Último

WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
Delhi Call girls
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
Airst S
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
seri bangash
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
Aurora Consulting
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理
Airst S
 
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSSASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
CssSpamx
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
JosephCanama
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
ss
 

Último (20)

Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statute
 
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptxAnalysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
Analysis of R V Kelkar's Criminal Procedure Code ppt- chapter 1 .pptx
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSSASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
ASMA JILANI EXPLAINED CASE PLD 1972 FOR CSS
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
 
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
一比一原版(RMIT毕业证书)皇家墨尔本理工大学毕业证如何办理
 
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
How do cyber crime lawyers in Mumbai collaborate with law enforcement agencie...
 
The Main Steps on Starting a Business in Spain
The Main Steps on Starting a Business in SpainThe Main Steps on Starting a Business in Spain
The Main Steps on Starting a Business in Spain
 
Shubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptxShubh_Burden of proof_Indian Evidence Act.pptx
Shubh_Burden of proof_Indian Evidence Act.pptx
 

Cybersecurity for Your Law Firm: Data Security and Data Encryption

  • 2.
  • 4. www.solidcounsel.com Ethics – Specific Attorney Risks. ▪ Law firm cybersecurity – this applies to law firms and attorneys. ▪ Clients are demanding adequate security (firms are their third-party risk). ▪ Law firms are an increasingly popular target. ▪ Value and sensitivity of data. ▪ Data for multiple clients. ▪ “A lawyer should preserve the confidences and secrets of a client.” ▪ Ethics Opinion 384 (Sept. 1975) ▪ Canon No. 4, Code of Professional Responsibility ▪ Disciplinary Rule (DR) 4-101 (A) and (B)
  • 5. www.solidcounsel.com What do you think? Sophisticated James Bond-like attacks? or Simple things, people doing dumb things?
  • 6. www.solidcounsel.com The real-world threats are not so sophisticated. Easily preventable • 90% in 2014 • 91% in 2015 • 63% confirmed breaches from weak, default, or stolen passwords • Data is lost over 100x more than stolen • Phishing used most to install malware Easily preventable • 90% in 2014 • 91% in 2015
  • 7. www.solidcounsel.com Start with the basics. “Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” -Vince Lombardi * If you want to talk deep programming- type issues, see Section VII of paper.
  • 8. www.solidcounsel.com Our objective is to protect IP. Which of the following aspects of the IP are we most focused on protecting? 1. Confidentiality 2. Integrity 3. Availability 4. All of the above “CIATriad” of cybersecurity
  • 9. www.solidcounsel.com Cybersecurity “CIA” examples. ▪ Stuxnet ▪ Integrity ▪ German steel mill ▪ Integrity ▪ Sony ▪ Availability ▪ Confidentiality ▪ Target ▪ Confidentiality
  • 10. www.solidcounsel.com Malicious • compete • newco • Sabotage • disloyal insider Negligence • email • usb • passwords Blended • foot out the door • misuse of network • stealing data • negligence with data • violate use policies Hacking / Cracking Social Engineering Malware Stealing Planting Corrupting Who are the primary threats?
  • 12. To protect law firm, you must: • Protect our companies’ data • Confidentiality • Integrity • Availability • Against threats from • Insiders • Outsiders • Third-party partners
  • 13. www.solidcounsel.com Cybersecurity needs for companies (and firms). ▪ Strong cybersecurity basics. ▪ Policies and procedures focused on cybersecurity. ▪ Social engineering. ▪ Password and security questions ▪ Training of all employees. ▪ Phish all employees (esp. executives). ▪ Signature based antivirus and malware detection. ▪ Multi-factor authentication. ▪ Backups segmented from the network. ▪ Incident response plan. ▪ Encryption for sensitive and air-gap for hypersensitive data. ▪ Adequate logging and retention. ▪ Third-party security and supply chain risk management.* ▪ Intrusion detection and intrusion prevention systems.*
  • 14. www.solidcounsel.com Encryption -- oh, this is hard, how do I encrypt? (Appendix B)
  • 17. www.solidcounsel.com Incident Response • Appendix A • Goal is to execute IRP • This is check list, not an IRP • How detailed? • Tabletop exercises
  • 19. www.solidcounsel.com • Board of Directors & General Counsel, Cyber Future Foundation • Board of Advisors, NorthTexas Cyber Forensics Lab • Cybersecurity & Data Privacy LawTrailblazers, National Law Journal (2016) • SuperLawyersTop 100 Lawyers in Dallas (2016) • SuperLawyers 2015-16 (IP Litigation) • Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law) • Council, Computer &Technology Section, State Bar ofTexas • Privacy and Data Security Committee of the State Bar ofTexas • College of the State Bar ofTexas • Board of Directors, Collin County Bench Bar Foundation • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science &Technology Committee of the American Bar Association • NorthTexas Crime Commission, Cybercrime Committee • Infragard (FBI) • International Association of Privacy Professionals (IAPP) • Board of Advisors Office of CISO, Optiv Security • Editor, Business Cybersecurity Business Law Blog Shawn Tuma Cybersecurity Partner Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: www.shawnetuma.com web: www.solidcounsel.com