Lawyers Are Real-life Superheroes in Cyber-Wars

Here’s a scary stat for Halloween: 90% of U.S. big businesses were hacked in 2013.

The other 10% were probably secretly hacked but just don’t know it.

Massive data breaches at Target, Google, Home Depot and JP Morgan Chase grab the splashiest headlines. But countless other hacks go unnoticed, sometimes even by the victims.

There are only two types of companies, say FBI Director James Comey: those that have been hacked and those that aren’t aware of it yet.

Boo! And guess what superhero is being called on to defend us against this spooky cyber-menace?

It’s not Professor Van Helsing and his wooden stake. Nor is it Black Widow in her skin-tight spider suit.

It’s none other than Legal Eagle, that pin-striped protector of our privacy.

“The two most critical groups to me are legal and the IT security group,” says one corporate counsel and privacy expert. “They’re most likely the ones who first become aware of the incident, whether they find it themselves or hear from external parties. If you’re not already working closely with security, it’s wise to make sure you get to know them and understand the things they work on.”

Data Security – It’s Not Just For Geeks Anymore

Lawyers in private practice – and solos in particular – have a tough task. They have to fight the cyber-war on three separate fronts:

• Like anyone with a computer or portable device, they have to be vigilant about their personal data security.
• They also have to train their staff.
• And they have to protect their clients.

In-house lawyers generally only have one client to worry about. And they usually have help in the form of IT support and security teams. But that doesn’t mean they’re sleeping any better at night.

“It’s one of the hottest topics for in-house counsel,” according to FindLaw. “Companies have sensitive data, hackers break in, and companies respond with mouths agape.”

Step One: Know the Risks

Here are some of the scariest threats headed our way, courtesy of one tech expert.

• Social media attacks. Of the 1.3 billion people who use Facebook each month, several million are “undesirables” – i.e., scammers and hackers. Bad guys love Facebook because it contains so much personal information on users. And by posing as a “friend,” these undesirables can gain easy access.

• Data breaches. “Data breaches involving credit card numbers are less harmful to the end user than those involving Social Security numbers, thanks to consumer-protection laws,” writes Jill Scharr. “But they cost banks and other card-issuing financial institutions millions of dollars in fraudulent charges.”

• Malware as a service. Anyone with malicious intent can easily purchase DIY malware kits, botnets and databases of stolen credit card numbers on the thriving cybercrime black market.

• Point of Sale (PoS) attacks. You don’t even need to own a computer to become a victim of PoS theft. All you need is a credit card, debit card or retail swipe card. Criminals scoop up data from the card’s magnetic strip and transmit it to a remote server. Next thing you know you’ve purchased a new Lexus or a condo in Vail. Or you’ve made a substantial cash contribution to a needy Nigerian prince.

• Zero-day exploits. Cyber-criminals are really, really good at detecting flaws and vulnerabilities in software. Sometimes they even locate weak spots before the vendor knows they exist. Such attacks are called “zero-day exploits” because there is no time to fix the problem or protect yourself from the fallout.

• Cyberespionage. Twenty-two percent of cyber-attacks involve illegal espionage, according to a 2013 study by Verizon. That was roughly the same amount of mischief caused by card skimming and point-of-sale thefts combined.

Step Two: Call In the Reinforcements

Never fear. Help is here. Just as Batman has Robin and the Avengers have Nick Fury, North Carolina attorneys have Lawyers Mutual.

In 2015, look for Lawyers Mutual to offer seminars and workshops on cyber-safety featuring security experts. Its Client Services Department produces risk management checklists, handouts and practice guides.

And the best part: most of these resources won’t cost you a dime.

Then there is Erik “The Human Firewall” Mazzone, director of the N.C. Bar Association’s Center for Practice Management.

One of the Center’s goals is to help NCBA members understand and use emerging technologies safely and profitably. Erik does this through free, confidential consultations by phone or email. He can also advise you on law office technology issues and trends and refer you to an outside service provider if desired.

So if on Halloween you peek outside and see Dracula or Frankenstein on your doorstep, rest easy. At least you’re not getting hacked.

Sources:

• Inside Counsel http://www.insidecounsel.com/2014/05/20/planning-for-the-inevitable-cyber-breach
• Tom’s Tech Guide http://www.tomsguide.com/us/scariest-security-threats,review-2144-3.html
• FindLaw http://blogs.findlaw.com/in_house/2014/05/in-house-attorneys-game-plan-for-data-breaches-and- http://www.cbsnews.com/news/fbi-director-james-comey-on-privacy-and-surveillance/cybersecurity.html
• N.C. Bar Association https://www.ncbar.org/members/practice-management/about-us/

Jay Reeves a/k/a The Risk Man is an attorney licensed in North Carolina and South Carolina. Formerly he was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. Contact jay.reeves@ymail.com.