
Cybersecurity for Your Law Firm: Data Security and Data Encryption


This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at TexasBarCLE's 8th Annual Course, Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.


  1. www.solidcounsel.com
  2. Cybersecurity: A Legal Issue?
  3. Ethics – Specific Attorney Risks.
     ▪ Law firm cybersecurity – this applies to law firms and attorneys.
     ▪ Clients are demanding adequate security (firms are their third-party risk).
     ▪ Law firms are an increasingly popular target.
     ▪ Value and sensitivity of data.
     ▪ Data for multiple clients.
     ▪ “A lawyer should preserve the confidences and secrets of a client.”
     ▪ Ethics Opinion 384 (Sept. 1975)
     ▪ Canon No. 4, Code of Professional Responsibility
     ▪ Disciplinary Rule (DR) 4-101 (A) and (B)
  4. What do you think? Sophisticated James Bond-like attacks, or simple things, people doing dumb things?
  5. The real-world threats are not so sophisticated.
     Easily preventable
     • 90% in 2014
     • 91% in 2015
     • 63% confirmed breaches from weak, default, or stolen passwords
     • Data is lost over 100x more than stolen
     • Phishing used most to install malware
  6. Start with the basics. “Some people try to find things in this game that don’t exist but football is only two things – blocking and tackling.” -Vince Lombardi
     * If you want to talk deep programming-type issues, see Section VII of paper.
  7. Our objective is to protect IP. Which of the following aspects of the IP are we most focused on protecting?
     1. Confidentiality
     2. Integrity
     3. Availability
     4. All of the above
     “CIA Triad” of cybersecurity
  8. Cybersecurity “CIA” examples.
     ▪ Stuxnet
       ▪ Integrity
     ▪ German steel mill
       ▪ Integrity
     ▪ Sony
       ▪ Availability
       ▪ Confidentiality
     ▪ Target
       ▪ Confidentiality
  9. Who are the primary threats?
     Malicious • compete • newco • sabotage • disloyal insider
     Negligence • email • usb • passwords
     Blended • foot out the door • misuse of network • stealing data • negligence with data • violate use policies
     Hacking / Cracking • Social Engineering • Malware
     Stealing • Planting • Corrupting
  10. Threat Vectors
     • Network
     • Website
     • Email
     • BYOD
     • USB
     • GSM
     • Internet Surfing
     • Business Associates
     • People
  11. To protect a law firm, you must:
     • Protect our companies’ data
       • Confidentiality
       • Integrity
       • Availability
     • Against threats from
       • Insiders
       • Outsiders
       • Third-party partners
  12. Cybersecurity needs for companies (and firms).
     ▪ Strong cybersecurity basics.
     ▪ Policies and procedures focused on cybersecurity.
     ▪ Social engineering.
     ▪ Password and security questions
     ▪ Training of all employees.
     ▪ Phish all employees (esp. executives).
     ▪ Signature based antivirus and malware detection.
     ▪ Multi-factor authentication.
     ▪ Backups segmented from the network.
     ▪ Incident response plan.
     ▪ Encryption for sensitive and air-gap for hypersensitive data.
     ▪ Adequate logging and retention.
     ▪ Third-party security and supply chain risk management.*
     ▪ Intrusion detection and intrusion prevention systems.*
  13. Encryption -- oh, this is hard, how do I encrypt? (Appendix B)
  14. Encryption – encrypt Adobe .pdf documents
  15. Encryption – encrypt Word documents
  16. Incident Response
     • Appendix A
     • Goal is to execute IRP
     • This is a checklist, not an IRP
     • How detailed?
     • Tabletop exercises
  17. Cybersecurity Risk Management Program
     • Cyber Risk Assessment
     • Strategic Planning
     • Deploy Defense Assets
     • Develop, Implement & Train on P&P
     • Tabletop Testing
     • Reassess & Refine
  18. Shawn Tuma, Cybersecurity Partner, Scheef & Stone, L.L.P.
     214.472.2135 | shawn.tuma@solidcounsel.com | @shawnetuma | blog: www.shawnetuma.com | web: www.solidcounsel.com
     • Board of Directors & General Counsel, Cyber Future Foundation
     • Board of Advisors, North Texas Cyber Forensics Lab
     • Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016)
     • Super Lawyers Top 100 Lawyers in Dallas (2016)
     • Super Lawyers 2015-16 (IP Litigation)
     • Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)
     • Council, Computer & Technology Section, State Bar of Texas
     • Privacy and Data Security Committee of the State Bar of Texas
     • College of the State Bar of Texas
     • Board of Directors, Collin County Bench Bar Foundation
     • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association
     • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
     • North Texas Crime Commission, Cybercrime Committee
     • Infragard (FBI)
     • International Association of Privacy Professionals (IAPP)
     • Board of Advisors Office of CISO, Optiv Security
     • Editor, Business Cybersecurity Business Law Blog
