BreachExchange mailing list archives
25 Tips to Prevent Law Firm Data Breaches
From: security curmudgeon <jericho () attrition org>
Date: Sat, 10 Nov 2012 21:58:40 -0600 (CST)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.wisbar.org/AM/Template.cfm?Section=Wisconsin_Lawyer&template=/CM/ContentDisplay.cfm&contentid=114269

By Sharon D. Nelson & John W. Simek
Wisconsin Lawyer
Vol. 85, No. 11, November 2012

Another day, another data breach. Data breaches have proliferated with amazing speed. Here is the roundup of some of the largest victims in 2011 alone: Tricare, Nemours, Epsilon, WordPress, Sony, HB Gary, TripAdvisor, Citigroup, NASA, Lockheed Martin, and RSA Security. Some mighty big names on that list.

Don't be lulled into thinking that law firms (large and small) aren't suffering data breaches just because they don't have millions of clients affected. On Nov. 1, 2009, the FBI issued an advisory, warning law firms that they were specifically being targeted by hackers. Rob Lee, an information security specialist who investigates data breaches for the security company Mandiant, estimated that 10 percent of his time in 2010 was spent investigating law firm data breaches.

Matt Kesner, the CIO of Fenwick and West LLP, has lectured at ABA TECHSHOW and appeared on a podcast acknowledging that his law firm has been breached twice. As he has also noted, it is very unlikely that we know of most law firm data breaches because the firms have a deeply vested interest in keeping breaches quiet. This may be less true in the future now that 46 states, including Wisconsin, have data breach notification laws. But as of October 2012, there is still no federal data breach notification law.

Shane Sims, a security practice director at PricewaterhouseCoopers, has said, "Absolutely, we've seen targeted attacks against law firms in the last 12 to 24 months because hackers, including state sponsors, are realizing there's economic intelligence in those networks, especially related to business deals, mergers, and acquisitions."

Matt Kesner has noted that China is often responsible for state-sponsored hacking -- but that China doesn't waste its "A" squads on law firms: because law firm security is so dreadful, the rookies on the "C" squads are good enough to penetrate most firms.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list