Element to Strengthen and Expand ADV’s More Than a Decade-long iManage Partnership
One of the many important roles of a lawyer is to mitigate risk to his or her clients. Each day, we learn more about the ever-changing landscape of cyber threats that pose a risk for lawyers serving their clients. In today’s world, it is not really a question of “if” your law firm will be the target of a cybersecurity breach, but a question of “when”. There are even websites that identify specific law firms as targets because they are known to be vulnerable and penetrable to those who wish to exploit them.
More often than not, lawyers are either ignorant of the risk or choose simplicity over security, and firms simply cannot afford to continue on this path any longer. In my experience, most lawyers do not even realize they have chosen a risky path until it is too late. A lawyer’s time is extremely valuable, so the struggle usually occurs when there is a choice between security and the billable hour. Is it more important to focus on servicing a client or on learning how to ensure that the law firm’s information and the client’s information are secure? Both areas are vital to the success and growth of a law firm.
The best defense against cybersecurity threats is a solid plan and an unrelenting commitment to it. Regardless of a law firm’s size or resources, implementing a strong cybersecurity plan is attainable with the right technology team. Make sure the team truly understands the needs of the firm and that they closely follow the Bar rules for professional conduct and ethics, as well as evolving legal trends. Ensuring that the firm’s cybersecurity plan aligns with Bar rules and current trends is vital and must be the benchmark. Much as a law firm assists clients in mitigating risk, a solid technology team will do the same for the law firm.
Every law firm we have ever worked with has been committed to investment in common security measures such as firewalls, anti-virus, anti-malware, and spam filtering, but while these systems are integral to a strong cybersecurity plan, other aspects of the plan are often overlooked or ignored. In this article we will focus on 3 of the most important areas for a stronger cybersecurity plan: awareness, passwords, and policies.
The most important element of a strong layer of cybersecurity for a law firm is awareness. Threats are all around us and occur in real time. Bad actors do not care if we are busy; in fact, they thrive on it and seek to capitalize on it. As we are all working diligently to provide service to our clients, we are constantly faced with cybersecurity threats that seek to expose our weaknesses. We need to be armed with the latest information around cybersecurity threats, trends, and best practices. We must empower our colleagues to make good decisions in real time, whether that means deciding whether to click on a link in an email, identifying a fraudulent request, or recognizing when social media is being used to force us to give up valuable information.
A cybersecurity awareness program has proven to have excellent results. These programs educate law firms and businesses on best practices and how to avoid the many pitfalls of cyber-attacks. The benefit of these programs is their ability to help prevent staff from falling victim to ransomware attacks, malware, or even worse, fraudulent wire transfers. This can be accomplished through simulated email phishing attacks, lunch and learn training, and testing firm policies. The cybersecurity industry has found that testing employees on a regular basis is vital to the security posture of the organization and keeps these tools in the consciousness of staff. We recommend scheduling time at least once per quarter with the technology team to run tests, discuss best practices, and educate staff to be more aware.
Over the past few years, there has been an increased effort to help everyone understand the importance of maintaining strong, unique passwords. We are making progress, but we have a long way to go. Weak or reused passwords are, by far, the easiest way into any law firm. What many lawyers overlook is how critical it is to not use the same password for multiple accounts. Think of it from this perspective: while your law firm may not be a huge target for a hacker, your accounts with Apple, Google, Microsoft and other large companies are.
Sample Scenario – let’s assume for a moment that someone uses the same password or password convention for both their Gmail account and their law firm email account. Their password then gets exposed due to Google or their specific account being hacked. Now the hacker has the user’s name and email address and ultimately will do an internet search to find out more information about them. That internet search will reveal many things, including their law firm, personal information and history. From there, all the hacker has to do is find the login page for the firm email and they are in! Note – there is a website which anyone can go to and see where they have online accounts and whether they have possibly already been hacked.
Always use a different password for each online account and use a good password manager to keep track of them. By using a password manager, individuals only really have to remember one password, so make it a good one!
Policies are often overlooked, especially as they relate to cybersecurity. Most law firms have a password policy, but that is only scratching the surface. Ultimately, every law firm should have a general cybersecurity policy, a communication policy, a password policy, an incident response policy, and a wire transfer policy. Policies protect a law firm from attack by making sure everyone receives a consistent message about the firm’s expectations for information exchange, and ultimately protect against breaches and other fraudulent activity. Most importantly, in the event of a breach, the law firm knows exactly how to handle what is sure to be a stressful situation and what steps it can take to resolve the matter. When something bad happens, it’s human nature to panic and be worried. A good policy does the thinking for us and we simply execute it.
Sample Scenario – let’s assume for a moment a law firm does wire transfers on a regular basis, maybe for real estate closings. If the managing partner’s email is compromised, a bad actor who now has access to it initiates a fraudulent wire transfer request to the accounting person. The accounting person might see the request coming from the partner and execute the transfer without question or follow-up. Before the breach and bogus request are even discovered, the firm has perhaps wired $100,000 to someone other than the intended recipient of that money.
A wire transfer policy should be clear and understood by everyone, and it should always include more than one method of authentication. The policy might require a form to be filled out and the written request to be backed by a documented verbal approval as well.
In an effort to create strong cybersecurity policies, start by documenting all of the ways a lawyer interacts with clients and information processing. This will assist the team in identifying potential holes or risks in those policies. There is a balance to how much security each firm needs, and each law firm is slightly different. Find out whether the technology team or vendors closely follow the Bar rules, so that they are in a position to help your firm balance its required security needs with the efficiency of running a law practice.
A commitment to cybersecurity is no longer an option, and all firms need to take cybersecurity threats very seriously. It could be the difference in a law firm’s ultimate success or failure. If we all do our part, we can make a difference and effectively protect the firm’s personal information as well as client information. Cutting costs and ignoring cybersecurity threats is not only a formula for disaster, but it may also nullify any cybersecurity, E&O, and other insurance policies the firm may currently have in place to help mitigate such disaster. Review your firm’s policies and ensure that internal policy requirements set by your insurance carrier(s) are not being overlooked or ignored.
On Monday June 4th, Motherboard reported that DNA testing and genealogy website MyHeritage suffered a security breach in October 2017. A security researcher discovered a file located outside MyHeritage’s servers with email addresses and password hashes for over 92 million MyHeritage accounts. According to a statement from MyHeritage, no other data was compromised (MyHeritage does […]
McLean, Va. (May 14, 2018) – Red Five, an internationally recognized, private security and management consulting company, and Element, a leader in information technology, cloud and advisory services, today announced a Strategic Alliance designed to focus on providing leading-edge security solutions for private clients and families, family offices and high net-worth individuals. The offerings will bring together physical security plans and execution with an enhanced level of cybersecurity risk assessment and information technology management.
The Alliance provides Red Five’s client base with a rounded approach to security solutions and the ability to offer a higher level of cybersecurity. Element works at all levels of a client’s network, cloud and data requirements to provide confidence through proven security tools and industry best practices.
“We’re excited to announce this strategic partnership with Red Five,” said Jeff Alluri, VP Consulting, Element. “Red Five offers our existing and new clients a layer of physical security planning and execution that merges perfectly with how we work to ensure their physical and cybersecurity solutions follow industry best practices.”
“Partnering with Element further enhances how we execute a full, integrated security program for a client. Their ability to provide cyber risk mitigation and data networking protection means clients now have a holistic, enhanced view of how the entire security plan is implemented,” commented Kris Coleman, President/CEO of Red Five. “Both companies bring extraordinary value to key clients and function as force multipliers for existing resources.”
About Red Five
Red Five is a security and management consulting company comprised of former CIA, FBI, U.S. Secret Service, U.S. Military security professionals and experienced system designers. It has a robust past performance supporting corporate executives, U.S. government officials, diplomats and other high net-worth individuals and families with expert consulting and protection services. Red Five is committed to providing holistic, proactive, and cost-effective solutions to critical security challenges and performing targeted assessments with discretion and high ethical standards. The company supports projects in the U.S., Europe, Asia, and the Caribbean from offices in Washington D.C. and Palo Alto, CA.
For more information about Red Five, visit Red5Security.com
With offices throughout the Midwest and Florida, Element is a premier IT and cybersecurity firm serving businesses for over 25 years. Their highly skilled staff of experts, utilizing industry-leading tools, can properly assess, manage, monitor, secure and support technology systems of all sizes. They love what they do and have a passion for customer service, which is reflected in their people and defines who they are. Element is all about keeping their clients running, responding quickly to problems, and providing solutions in a meaningful yet easy-to-understand and cost-effective way.
For more info, please visit www.ele-ment.com
Once again this year, WatchGuard has been named a Grand Trophy Winner in Info Security Products Guide’s Global Excellence Awards. WatchGuard took home eight total awards for ISPG’s 2018 awards program, including Gold in the Advanced Persistent Threat Detection and Response category for WatchGuard APT Blocker.
We’re proud to have so many of our products and services recognized by Info Security Products Guide’s Global Excellence Awards. Behind this distinguished success is our relentless drive to stay customer focused. We believe this recognition further validates our ongoing commitment to innovative, simplified enterprise-grade security for SMBs. Here’s the full list of WatchGuard’s 2018 ISPG Global Excellence Awards honors:
The team is especially excited about WatchGuard APT Blocker earning the Gold award in ISPG’s Advanced Persistent Threat Detection and Response category. APT Blocker protects businesses from advanced malware threats that traditional signature-based antivirus (AV) software will often miss. APT Blocker offers complete visibility into the advanced threats attempting to attack both networks and endpoints, including data on the sender source, threat IDs, protocols used, and the specific types of malicious activities that would have happened if APT Blocker did not take action.
View the complete list of Info Security Products Guide Global Excellence Awards winners here, and keep an eye on Secplicity to be the first to know about all of WatchGuard’s big announcements and exciting honors.
What it is:
Back in June of 2017, researchers at Google Project Zero and a few other academic institutions and security firms discovered two vulnerabilities that have been codenamed Meltdown and Spectre. Both are fundamental flaws in the design of the processors that power almost all modern computers, tablets, and smart phones. These vulnerabilities can be exploited to access the entire memory contents of an affected system. This would allow someone to steal passwords, encryption keys, and other sensitive data that is normally only accessible to the operating system.
What it affects:
Because of the low-level nature of these vulnerabilities, the list of affected devices is extremely widespread. Any device with a processor chip from Intel, AMD, or ARM since 1995 is affected by one or both of these vulnerabilities. Apple has already come out and said that all iOS and Mac OS devices are affected. A majority of Android devices are also vulnerable. Every Windows computer is vulnerable in some way as well. Additionally, all vulnerable systems can potentially be exploited through most web browsers.
What you can do:
While there aren’t currently any known attacks exploiting these vulnerabilities out in the wild, proof of concept has been demonstrated and this should be treated seriously. The most important thing you can do is keep your devices up to date. Operating system updates are already being pushed out by all major vendors as of early January. It is also important to keep antivirus software up to date as the operating system updates cannot go through if the antivirus software hasn’t been updated for compatibility. It is also critically important to employ safe email and web browsing habits. Extra caution needs to be taken when clicking on links and visiting websites because these flaws can be exploited through the framework that powers most websites on the internet.
By Brian Croft (Element Staff Engineer)
By Chris Warfield on Oct 20, 2017 02:45 pm
On October 16, 2017, security researchers announced several vulnerabilities in the WPA/WPA2 encryption protocol that affect countless Wi-Fi enabled devices worldwide. As a result of KRACK, Wi-Fi data streams, including passwords and personal data, can be intercepted, decrypted, and modified without a user’s knowledge. This security flaw means that, for vulnerable clients and access points, WPA- and WPA2-encrypted Wi-Fi traffic is potentially exposed until certain steps are taken to remediate the issue.
Presently, there are 10 known vulnerabilities that comprise KRACK. WatchGuard is providing patches for all of our affected products. For non-WatchGuard devices, users should refer to their vendor’s website and security advisories to determine if they are affected, and if updates are available. Even though most companies will provide patches, it’s likely that unpatched devices will interact with your network and expose you to risk. WatchGuard offers additional methods to protect unpatched client devices from KRACK.
How to Mitigate KRACK
The steps below describe recommended actions to protect your network from KRACK vulnerabilities in various scenarios, including from unpatched client devices.
1. Update your access point (AP) firmware (10/30/17)
2. Enable the “Mitigate WPA/WPA2 key reinstallation vulnerability in clients” feature. With this setting enabled, the AP can compensate for unpatched clients. Mitigation is recommended only until all clients are patched.
3. Enable the “AP MAC Spoofing Prevention” setting in the Wi-Fi Cloud WIPS policy.
Salt Lake City, UT – October 3, 2017 – NetDocuments, the leading cloud-based document and email management (DMS) platform for law firms and corporate legal departments, announced today that McCollum Crowley, Bassford Remele, and Zimmerman Reed selected NetDocuments for improved security, efficiency, and usability across their offices and legal professionals.
The drivers for the MN-based trifecta of firms making the switch to NetDocuments included the need for modern technology to support the firms’ cloud initiative, security and data protection requirements, and the productivity needs of an increasingly mobile legal workforce and client base. These value-drivers to move to the cloud are shared across the other 33 firms who selected NetDocuments in the last month.
“Our firm is built on the principles of quality, experience, and a proven record of putting our clients first – and we view technology as a key enabler of that,” Vanessa Kahn, Firm Administrator at McCollum Crowley, stated. “We take our technology investments very seriously, especially when it comes to mission-critical applications such as document and email management, client collaboration, and firm security. NetDocuments’ experience coupled with security and innovation through delivering a legal-specific service for nearly two decades, is the type of confidence and trust we need in a provider and partner. NetDocuments will eliminate IT complexity and allow us to operate more efficiently and securely while providing our people and clients with the usability and ‘anywhere productivity’ tools they need.”
Jeff Alluri, Principal and VP of Consulting at Element Technologies, a NetDocuments Certified Partner working with all three firms, commented, “We’re extremely excited to see these great Minnesotan firms take an innovative approach to technology selection that will not only enable them to continue delivering exceptional service to their clients, but will also protect their firm with best-in-class security and compliance and empower their legal professionals with the modern productivity tools they need. The rate and delivery of innovation with the NetDocuments platform is simply not possible with hosted or on-premises DMS technology available in the market today. We’re proud to be amongst the NetDocuments Certified Partner community and looking forward to helping more firms in the region modernize their practice with leading technology that delivers real business value.”
Author: The NetDocuments Team
Cyber criminals have stolen 143 million credit records in the recent hacking scandal at big-three credit bureau Equifax. At this point you have to assume that the bad guys have highly personal information that they can use to trick you. You need to watch out for the following things:
Here are 5 things you can do to prevent identity theft:
And as always, Think Before You Click!
Element Technologies, LLC, a leader in information technology services to law firms, is proud to announce it is now a certified NetDocuments Partner. Element continues its commitment to lead the industry in technology services for law firms. “Today we have forged a partnership with NetDocuments to deliver best of breed cloud-based document management to the legal community,” said Jeff Alluri, VP of Consulting. “Element’s focus on law firms and our highly talented group of technology experts have expanded our expertise in document management, document retention, and data security. Element is driven by our core values and the NetDocuments partnership is an extension of these values.”