In this new white paper, published by Thomson Reuters’ Legal Executive Institute, authors Daniel Garrie and Rhea Siers examine some of the vulnerabilities that law firms face in keeping their own internal data and client data safe from cybersecurity attacks.
“Law firm culture has long focused on the ability of attorneys to bring a high level of thought and analysis to every legal case on the firm’s roster. However, similar care has not been spent by firms when it comes to data security. Without data security, client files may inadvertently end up on a file server in China, Brazil or perhaps even Russia,” the authors write.
The authors also offer several cost-efficient solutions to help law firms and companies remedy this growing and potentially disastrous problem.
Excerpt:
Like most enterprises, hacking is generally about making money. Even without a direct link to the attorney’s confidential client information, any other data on the laptop can easily be bought and sold on the underground market. Take, for example, a personal email account. Within this account, our attorney friend has emailed his bank account information in 2007 to his brother so a transfer could be made. Between 2010 and 2015, before his law firm bought iPads for attorneys, our attorney would often send himself client documents to work on from home.
As a highly organized attorney, our friend keeps all copies of receipts from Internet transactions in a folder in his Gmail account. He is wise not to save his username on his banking website, but he does maintain an email in his drafts folder with a list of all passwords for those less important sites, like his Netflix account. Through the use of spear fishing, social engineering, and malware, even a marginally savvy criminal with access to this information can withdraw funds from the attorney’s bank account, impersonate the attorney, and gather enough information and access to use the email accounts to send spam.
By: Daniel Garrie
Co-Founder of Law & Forensics LLC
Daniel Garrie, Esq. is the Co-Founder of Law & Forensics LLC (https://www.lawandforensics.com), where he heads the Computer Forensics and Cybersecurity teams. Daniel has been a dominant voice in the computer forensic and cybersecurity space for the past 20 years, as an attorney and technologist. Prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique cybersecurity forensic engineering firms in the industry. In addition to his role at Law & Forensics, Daniel is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of the Cybersecurity at Zeichner, Ellman & Krause LLP. Daniel has both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School.
Daniel has led cyber and forensic teams in some of the most visible and sensitive cyber incidents in the United States. He and his team have worked for two of the top five banks in the globe, and dozens of the largest private and public companies in the world. Daniel and his team have been involved in thousands of investigations and disputes all over the globe. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platform he built with his team that is currently used in the industry, Forensic Scan.
Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. In defining the terms “software”, “internet”, and “algorithm.” Additionally, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, being cited over 500 times to date.
Daniel also enjoys teaching and is currently an Adjunct Professor of Law at Rutgers University in Cyber S
See all posts