Cyber SecurityforLaw Firms1 4 S e p te m b e r 2 0 2 1
About usCampbell McKenzieDirectorINCIDENT RESPONSE SOLUTIONS
Cyber is Contextual – Law Firms3
Law Firm Cyber Security at a Glance More than a quarter of law firms experienced a data breach. (The American BarAssociation’s 2019 Legal Technology Survey Report) Every respondent suffered a security incident, with the most common attack being phishing.(2019 Survey of Global Law Firm) The most significant cyber threats to a law firm are phishing, data breaches, ransomwareand supply chain compromise. (The UK’s National Cyber Security Centre 2018 Report) Total or partial outsourcing of services and the use of automation and robotics to assist withrepeatable activities using third-party services are both increasing. (The Cyber Threat to UKLegal Sector 2018)4
Legal TechnologyIn 2017, the New Zealand Law Society issued a Practice Brief titled “Cloud Computing”. Insummary, law firms are increasingly using cloud computing as an alternative to in-housesystems. Advantages such as flexibility and cost must be balanced against risks to privacyand control. It recommends that where third-party IT is involved, contractual terms shouldbe sought to ensure that: Clients’ information is protected, and the cloud service will not compromise clientconfidentiality. The law firm makes all reasonable efforts to ensure attackers cannot access this clientdata.5
Cyber Tip: Cloud ComputingWhen sharing documents on a cloud platform,ensure that the correct permissions are set.6
Cyber Security in the NZ Legal ContextThe Privacy Act Any law firm or lawyer in sole practice has obligations as an agency under the Privacy Act, includingthe mandatory designation of a privacy officer. Principle 5 of the Privacy Act requires that an agency holding personal information shall ensure thatthe information is reasonably protected by security safeguards against loss and misuse.Rules of Conduct and Client Care Chapter 7 (Disclosure and communication of information to clients) Chapter 8 (Confidential information) Chapter 11 (Proper professional practice)7
A Global Perspective2017 Key Roundtable Takeaways - Cyber Security and Legal Practice (Australia) Cyber security threats are increasing2019 Cyber Security Report - American Bar Association (ABA) (United States) Over a quarter of firms report that they have experienced some sort of security breach Less than a third of law firms have an incident response plan.2019 PwC Law Firms’ Survey (Global) The insider threat is prevalent in all sizes of firms, with the majority having experienced incidents due to insidersover the last year8
Cyber Tip: WebsitesBeware of suspicious websites sent to you by email.https://fakewebshop.nz9
Cyber Tip: Social MediaBe careful about what you share, particularlysensitive information. The more you post the easierit is to have your identity stolen.10
Cybercrime - The Key Threats We Know Business Email Compromise Malicious Insider Attacks Ransomware Remote Desktop Protocol (RDP) Supply Chain Compromise Social Engineering Crypto jacking11
Cyber Risk Management - FrameworkThe NIST cyber security framework enables law firms to assess maturity across five functions: identify,protect, detect, respond and recover to: Describe their current cyber security posture; Describe their target profile for cyber security; Identify and prioritise opportunities for improvement within the context of a continuous andrepeatable process; Assess progress towards the target profile; and Communicate the cyber security risk to internal and external stakeholders.12
Cyber Risk Management - ControlsThe CIS Controls are a set of 18 prioritised, well-vetted, and supported security actions thatorganisations can take to assess and improve their current security state.The controls are designed using knowledge of actual attacks to help an organisation prioritise theirinvestment in controls that will provide the greatest risk reduction and protection against the mostdangerous threat actors, and that can be feasibly implemented.13
Cyber Tip: EmailsWhen receiving emails, be careful with links and attachments. Ask yourself: Do I know this person and is this their usual email address? Does this email subject look unusual? Is there an attached document? Does the email ask me to visit a website, send personal information orreply immediately?14
Cyber Tip: Invoice HijackingWarn your clients never to send funds to a newaccount without speaking to your firm first; remindclients to check the addresses of any emailspurportedly sent by your firm, particularly if theyrelate to payment of funds15
Cyber Tip: Working RemotelyAvoid transferring confidential information overpublic Wi-Fi networks as this can easily becompromised. Use a Virtual Private Network (VPN)wherever possible and ensure that your remotesoftware is up to date.16
Cyber Tip: Password ManagementUse a password management system that isrobustly protected with a secure and strongpassword. Add extra protection by applying multifactor authentication (MFA or 2FA).17
Our work in NZ Cyber Framework and Controls Incident response plans and playbooks Tabletop simulations Responding to incidents including forensics Incident Response Retainer18
Incident Response Plan19
Cyber Security and Legal Practice (Australia) Cyber security threats are increasing. 2019 Cyber Security Report - American Bar Association (ABA)(United States) Over a quarter of firms report that they have experienced some sort of security breach Less than a third of law firms have an incident response plan. 2019 PwC Law Firms' Survey
2 Incident Response Solutions Cyber Security Guide for NZ Law Firms Welcome to the Cyber Security Guide for NZ Law Firms The storage of sensitive client information and management of large funds make law firms an attractive target for cybercriminals. It is therefore critical for law firms to understand and mitigate the cyber risks they face.
Bruksanvisning för bilstereo . Bruksanvisning for bilstereo . Instrukcja obsługi samochodowego odtwarzacza stereo . Operating Instructions for Car Stereo . 610-104 . SV . Bruksanvisning i original
the 1st Edition of Botswana Cyber Security Report. This report contains content from a variety of sources and covers highly critical topics in cyber intelligence, cyber security trends, industry risk ranking and Cyber security skills gap. Over the last 6 years, we have consistently strived to demystify the state of Cyber security in Africa.
What is Cyber Security? The term cyber security refers to all safeguards and measures implemented to reduce the likelihood of a digital security breach. Cyber security affects all computers and mobile devices across the board - all of which may be targeted by cyber criminals. Cyber security focuses heavily on privacy and
Cyber Vigilance Cyber Security Cyber Strategy Foreword Next Three fundamental drivers that drive growth and create cyber risks: Managing cyber risk to grow and protect business value The Deloitte CSF is a business-driven, threat-based approach to conducting cyber assessments based on an organization's specific business, threats, and capabilities.
10 tips och tricks för att lyckas med ert sap-projekt 20 SAPSANYTT 2/2015 De flesta projektledare känner säkert till Cobb’s paradox. Martin Cobb verkade som CIO för sekretariatet för Treasury Board of Canada 1995 då han ställde frågan
service i Norge och Finland drivs inom ramen för ett enskilt företag (NRK. 1 och Yleisradio), fin ns det i Sverige tre: Ett för tv (Sveriges Television , SVT ), ett för radio (Sveriges Radio , SR ) och ett för utbildnings program (Sveriges Utbildningsradio, UR, vilket till följd av sin begränsade storlek inte återfinns bland de 25 största
Connecting an ASP.NET-form to a database Connecting an ASP.NET form created with SpreadsheetConverter to a database is very easy. We will do it in 3 steps: 1. Calculate and save the form contents into a database. 2. Retrieve previous entered data from the database, show it in the form and let the user edit it and recalculated and save it again. 3. Show all submitted entries so that we can .