Happens all the time, right? Turns out, it’s happening a lot more than people think, and many governments, IT professionals and hackers are all taking notice. Why?
Policies to secure phones and tablets are difficult to craft and sometimes even more difficult to enforce. Unlocked ‘toys’ represent a ‘back door’ to all the corporate data.
Hackers Come In All Shapes And Sizes
Law Firms Are A Gold Mine Of Information
The reasons law firms are increasingly a target for security breaches include:
- One-stop-shops – Law firms contain a wide array of ‘good’ data. Personal information, corporate information, intellectual property – all in one place!
- Quantity and quality of the data – The attorney-client privilege ensures that there is a host of great information in one place.
- Demanding audience – Lawyers expect all their information to be maintained at arm’s reach. This makes it much easier for nefarious actors to harvest that information as well.
- Latest technology – Many lawyers love to use the latest toys but they often fail to protect them.
- No endpoint – Law firms have no endpoint for access. Mobile workforce, personal devices, mixed devices, other people’s devices (traveling or on a shared device) mean that there is no endpoint to close the loop on security. There is almost always an access point.
Data breach – Agents looking to acquire the good stuff like Social Security numbers, account information, etc. The best targets for this information include employment firms.
Intellectual property hack – Targeting trade secrets, trademarks, patents, research and development, etc.
Destruction of data hack – The goal here is to destroy information and this has been the least common in the legal industry. That said, the more firms rely on hosted solutions to manage information, the higher the risks become for this type of event.
Hack the medium – Breaches where the hacker targets the very systems designed to keep things safe.
The mode of attack on the legal community falls into two primary categories – phishing and (what I call) shadowing. Phishing tactics often employ email links. This is especially easy in law firms as so much work is done through email.
Shadowing is another approach where hackers target individuals with access to the firm’s network and data. They find ways to watch you access your company’s network from home, through remote access or, most importantly, through social media. Both options offer a direct means to private client data.
So if we understand the reasons firms are targeted and what information is being targeted – what is a firm to do?
The vast majority of the products and services in place today are what many refer to as the ‘Castle Approach’.
Build the castle walls, moats, more walls, towers, and defensive lines to do one thing – keep the bad guys out. Firewalls, antivirus, DMZs and authentication are all products and tools of the Castle Approach.
Much of the new discussion, however, is about blending this approach with a second one – preventing data exfiltration.
Preventing Exfiltration (You Can Go, But The Data Stays Here)
Thus working to keep information from leaving is an equally important element in avoiding client data loss for the firm.
Small to midsized (SMB) firms with limited means to invest in the latest exfiltration-prevention technologies should first identify security or risk vulnerabilities, asking questions such as:
- What information is most sensitive and where is it stored?
- Is this information widely available once users have access to the network?
- Do we restrict the movement of this information within the company?
- Is our network configured to recognize the movement of information outside the network and can it ‘close the door’ if it identifies substantial outbound data movement?
It is critical for law firm administrators, IT professionals and firm executives to reflect on these questions.
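The last question above, whether the network can recognize substantial outbound data movement, can be checked against flow logs. The sketch below is an added example, not part of the original article: the flow records, host names, internal ranges and thresholds are constructed assumptions, and the 'close the door' action is left to whatever firewall or proxy the firm uses.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Assumed internal ranges; replace with the firm's own address plan.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample flow records: (hour, source host, destination IP, bytes sent).
SAMPLE_FLOWS = [
    (9,  "ws-paralegal-01", "203.0.113.10",  40_000_000),
    (10, "ws-paralegal-01", "203.0.113.10",  55_000_000),
    (11, "ws-paralegal-01", "10.0.5.20",     900_000_000),    # internal file server, ignored
    (11, "ws-paralegal-01", "203.0.113.10",  48_000_000),
    (9,  "ws-partner-07",   "198.51.100.7",  30_000_000),
    (10, "ws-partner-07",   "198.51.100.7",  35_000_000),
    (11, "ws-partner-07",   "198.51.100.99", 4_200_000_000),  # bulk upload, new destination
]

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def outbound_by_host_hour(flows):
    """Sum bytes leaving the network, per source host and hour."""
    totals = defaultdict(lambda: defaultdict(int))
    for hour, host, dst, nbytes in flows:
        if is_external(dst):
            totals[host][hour] += nbytes
    return totals

def flag_bulk_outbound(flows, factor=10, floor=500_000_000):
    """Return (host, hour, bytes, limit) for hours far above the host's own baseline."""
    alerts = []
    for host, hours in outbound_by_host_hour(flows).items():
        for hour in sorted(hours):
            earlier = [b for h, b in hours.items() if h < hour]
            baseline = median(earlier) if earlier else 0
            # The floor keeps quiet hosts from alerting on small absolute volumes.
            limit = max(floor, factor * baseline)
            if hours[hour] > limit:
                alerts.append((host, hour, hours[hour], limit))
    return alerts

if __name__ == "__main__":
    for host, hour, sent, limit in flag_bulk_outbound(SAMPLE_FLOWS):
        print(f"ALERT {host} hour={hour} sent={sent:,} B limit={limit:,.0f} B")
```

Traffic to internal servers is excluded on purpose, so the alert answers only the question of what left the network.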
There are many considerations and technology options to accomplish this; however, the first step should simply be:
- Training and education of the employees. Many of the issues faced by the SMB legal industry can be avoided with proper training, advanced planning for security and a plan for handling threat intrusions when they do happen.
- The second step is to discuss technical options with your IT / Security team to see what tools may fit your business, risk tolerance, and budget.
How Blockchain would help!
A blockchain is a distributed database that maintains a continuously growing list of records that are secured from tampering and revision. It consists of data-structure blocks that may contain data or programs, with each block holding batches of individual transactions, and the results of any blockchain executables. Every node in a decentralized system has a copy of the blockchain. No centralized “official” copy exists and no user is “trusted” more than any other.
To be precise, a blockchain is an append-only database with transaction order and the following data protection properties:
- Immutable data storage
- Secure time-stamping
- Public audit
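The three properties listed above can be seen in a minimal hash-chained log. This is an added illustration, not code from the original article or from any blockchain project: the block layout, function names and sample document-access records are assumptions, and consensus between nodes is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder previous-hash for the first block

def block_hash(index, timestamp, records, prev_hash):
    # Canonical JSON so every node computes the same digest for the same block.
    payload = json.dumps([index, timestamp, records, prev_hash],
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

def append_block(chain, timestamp, records):
    """Append-only: each new block commits to the hash of the block before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    block = {"index": index, "timestamp": timestamp, "records": records,
             "prev_hash": prev_hash,
             "hash": block_hash(index, timestamp, records, prev_hash)}
    chain.append(block)
    return block

def audit(chain):
    """Return the index of the first invalid block, or None if the chain verifies."""
    prev_hash, prev_time = GENESIS, float("-inf")
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["timestamp"], b["records"], b["prev_hash"])
        if b["index"] != i or b["prev_hash"] != prev_hash or b["hash"] != recomputed:
            return i
        if b["timestamp"] < prev_time:  # time-stamps must not run backwards
            return i
        prev_hash, prev_time = b["hash"], b["timestamp"]
    return None

def build_sample_chain():
    # Constructed sample records (document-access events), not real data.
    doc = "matter-001/engagement.pdf"
    chain = []
    append_block(chain, 1700000000, [{"doc": doc, "action": "created"}])
    append_block(chain, 1700000600, [{"doc": doc, "action": "viewed", "user": "a.smith"}])
    append_block(chain, 1700001200, [{"doc": doc, "action": "exported", "user": "a.smith"}])
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print("untampered:", audit(chain))               # None
    chain[1]["records"][0]["user"] = "someone.else"  # rewrite history in place
    print("after edit:", audit(chain))               # 1
```

A single holder of the log could still recompute every later hash after an edit, so the audit is only meaningful when independent copies exist and their latest block hashes are compared.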
What constitutes personal data in a blockchain?
While the concept of personal data is set to become broader under GDPR, it is unknown whether public keys constitute personal information – while these do not have the same features as anonymous data, their characteristics are similar.
From a security perspective, blockchain technology helps to make online data transmission secure by eliminating middlemen and singular control. Because the blockchain is completely decentralized, there is no single source controlling it.
Why blockchains are great for data protection
Blockchains are safe because they make use of digital signatures, time-stamping and encryption. This facilitates a secure means of managing and storing all sorts of information, including personal data. Because the data is not centralized, it means that opportunities for cybercrime are hugely reduced in comparison to data stored on a single server.
Though many complications arise across all industries, “Future Technology” brings promising solutions. Similarly, every new technology has its own pros and cons, but next-generation inventions keep finding solutions for them.