Byte of Prevention Blog

by Jay Reeves |

NIST Cyber Corner Offers 24/7 Help

Pin on Pinterest Share on Google+ Share on LinkedIn

Looking for training and guidance on cybersecurity that’s free and available 24/7?

Check out the Small Business Cybersecurity Corner, a new website from the National Institute of Standards and Technology.

“The vast majority of small businesses rely on IT to run their businesses and to store, process, and transmit information,” writes Kristina Rigopolous in this blogpost announcing the site’s launch. “Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies and their customers. With limited resources and budgets, small businesses need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address manage their cybersecurity risks. This NIST Small Business Cybersecurity Corner puts these key resources in one place.”

The NIST has been authorized by Congress to “disseminate consistent, clear, concise, and actionable resources to small businesses.” These resources come from the NIST and other agencies, as well as a range of for-profit and non-profit organizations.

And though the Cybersecurity Corner doesn’t provide one-on-one help to law firms, the site contains a resource directory of contacts that can offer assistance. There is even a link for reporting threats and incidents.

Risks and Threats

A large portion of the website is dedicated to identifying emerging threats. One section is on hidden threats that lurk in corrupted software files.

Other topics: protecting against malicious code (descriptions of viruses, worms, and Trojan horses along with safety tips), handling destructive malware (an overview of potential distribution vectors), understanding rootkits and botnets, recognizing fake antiviruses, recognizing and avoiding spyware, understanding denial-of-service attacks, and defending cell phones and PDAs.

What to Do About a Breach?

“You just learned that your business experienced a data breach,” says the NIST site. “Whether hackers took personal information from your corporate server, an insider stole customer information, or information was inadvertently exposed on your company’s website, you are probably wondering what to do next.”

The first step is to determine the extent of the problem. What may have been exposed? Once you’ve got a handle on the potential damage, here are some safety pointers:

  • Act quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Take steps so it doesn’t happen again. Mobilize your breach response team right away to prevent additional data loss.
  • Assemble the necessary experts for a comprehensive breach response. Depending on the size and nature of your company, the response may include forensics, legal, information security, information technology, operations, human resources, communications, investor relations and management.
  • Identify a data forensics team. Consider hiring an independent investigator to help determine the source and scope of the breach. The goals: to capture forensic images of affected systems, to collect and analyze evidence, and to outline remediation steps.
  • Consult with legal counsel. Talk to an expert in cyber-liability (unless you’re one yourself). Consider engaging outside legal counsel with privacy and data security expertise. They can advise you on federal and state laws that may be implicated by a breach.
  • Secure physical areas potentially related to the breach. Lock them. Change access codes, if needed. Ask your forensics experts and law enforcement when it is reasonable to resume regular operations.
  • Stop additional data loss. Take all affected equipment offline immediately— but don’t turn any machines off until the forensic experts arrive. Closely monitor all entry and exit points, especially those involved in the breach. If possible, put clean machines online in place of affected ones. In addition, update credentials and passwords of authorized users. If a hacker stole credentials, your system will remain vulnerable until you change those credentials, even if you’ve removed the hacker’s tools.
  • Review your cyber-liability insurance policy. Don’t have one? Lawyers Insurance can be your insurance firewall against computer hacks and client data theft.
  • Contact your professional liability carrier. Do this if you think client data might have been compromised. Your carrier can help with loss prevention and mitigation.

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts

LM Portal Access your LM Portal for policy information and forms.
Need Insurance? See the difference service can make.
Payment Due? Make an online payment now.
Lawyers Mutual NC Logo

Get In Touch

Lawyers Mutual Insurance Company
1001 Winstead Drive, Suite 285

Cary, NC 27513

919.677.8900
 | 
1.800.662.8843

Fax: 919.677.9641

Latest Alerts

The Corporate Transparency Act: What North Carolina Law Firms Need to Know

Lawyers Mutual has published previous alerts regarding the new filing requirements under the Corporate Transparency Act (“CTA”) that went into effect January 1, 2024. After reviewing additional resources, we want to emphasize concerns that we have about the risks and increased potential liability for lawyers undertaking the reporting requirements. This is especially true for the continuing reporting requirements after entity formation and initial reporting.  

Learn More

eCourts Expansion Announced for 2024

The North Carolina Administrative Office of the Courts (NCAOC) recently announced additional go-live plans for counties transitioning from paper files to Enterprise Justice (Odyssey), which currently serves Harnett, Johnston, Lee, Mecklenburg and Wake counties. Twelve northeastern counties comprising Track 3, as previously announced, will go live on February 5, and 10 counties comprising Track 4 (Alamance, Chatham, Durham, Franklin, Granville, Guilford, Orange, Person, Vance and Warren) will go live on April 29.   

Learn More