Cybersecurity and data privacy attorney Shawn Tuma presented "Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm, and Your Law License" at the State Bar of Texas Annual Meeting 2017 for the Computer & Technology Section of the State Bar of Texas' Adaptable Lawyer Track. The presentation was on June 22, 2017 in Dallas, Texas.
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm, and Your Law License
1. Shawn E. Tuma
Cybersecurity & Data Privacy Attorney
Scheef & Stone, LLP
Shawn.tuma@solidcounsel.com
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm, and Your Law License
@shawnetuma #SBOT17
2. The Problem
• Cybersecurity and privacy are issues that most attorneys would prefer to ignore but are uniquely obligated to address.
• Cybersecurity and privacy impact all lawyers and law firms alike.
• Clients demanding adequate security (firms are their third-party risk).
• Law firms are an increasingly popular target.
• Value and sensitivity of data.
• Data for multiple clients.
3. The Ethics
“A lawyer should preserve the confidences and secrets of a client.”
• Ethics Opinion 384 (Sept. 1975)
• Canon No. 4, Code of Professional Responsibility
• Disciplinary Rule (DR) 4-101 (A) and (B)
4. The Question
Are most cybersecurity and privacy incidents:
• Sophisticated James Bond-like attacks?
or
• Simple things, like people doing dumb things?
5. The real-world threats are not so sophisticated.
Easily preventable
• 90% in 2014
• 91% in 2015
• 63% confirmed breaches from weak, default, or stolen passwords
• Data is lost over 100x more than stolen
• Phishing used most to install malware
6. To protect your law firm, you must:
• Protect your data for
  • Confidentiality
  • Integrity
  • Availability
• Against threats from
  • Insiders
  • Outsiders
  • Third-party partners
7. The Tips: Cybersecurity Needs for Law Firms
• Strong cybersecurity basics.
• Policies and procedures focused on cybersecurity.
• Social engineering.
• Password and security questions
• Training of all employees.
• Phish all employees (esp. leadership).
• Signature-based antivirus and malware detection.
• Multi-factor authentication.
• Backups segmented from the network.
• Incident response plan.
• Encrypt sensitive and air-gap hypersensitive data.
• Adequate logging and retention.
• Third-party security and supply chain risk management.
• Intrusion detection and intrusion prevention systems.
9. • Board of Directors & General Counsel, Cyber Future Foundation
• Board of Advisors, North Texas Cyber Forensics Lab
• Policy Council, National Technology Security Coalition
• Cybersecurity Task Force, Intelligent Transportation Society of America
• Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016)
• SuperLawyers Top 100 Lawyers in Dallas (2016)
• SuperLawyers 2015-16 (IP Litigation)
• Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)
• Council, Computer & Technology Section, State Bar of Texas
• Privacy and Data Security Committee of the State Bar of Texas
• College of the State Bar of Texas
• Board of Directors, Collin County Bench Bar Conference
• Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association
• Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
• North Texas Crime Commission, Cybercrime Committee & Infragard (FBI)
• International Association of Privacy Professionals (IAPP)
• Board of Advisors Office of CISO, Optiv Security
Shawn Tuma
Cybersecurity Partner
Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: www.shawnetuma.com
web: www.solidcounsel.com