Washington Lawyer - May 2019 - 15

5 KEYS TO SMART DATA SECURITY
1. TAKE STOCK. Know what personal information you have
in your files and on your computers.
2. SCALE DOWN. Keep only what you need for your business.
3. LOCK IT. Protect the information that you keep.
4. PITCH IT. Properly dispose of what you no longer need.
5. PLAN AHEAD. Create a plan to respond to security incidents.
Courtesy of Allison Lefrak, Federal Trade Commission

"It can't happen to me" is a common refrain among attorneys who have
complied with cybersecurity defenses such as firewalls, multifactor authentication, different passwords for each device and program, antivirus
software, and malware detection. But the reality is, an attack just hasn't
happened yet.
"The modern hackers are not just looking for the high-profile people," says
Caterina Luppi, chief information officer of the D.C. Bar. "They look for someone
in the organization who might be an assistant or a new hire because it's likely
that they could be the door to get into the system. They may not have as high
a level of security, and a malicious attack can get a hacker access to the whole
organization."
Luppi says that too often the uninitiated lawyer or executive thinks of hackers
simply as digital pranksters - high school students in the basement trying to
beat "The Man." The reality is far more disturbing. They are the foot soldiers in
a war that crosses continents and exacts a heavy toll on law firms, corporations,
and governments.
A report from Accenture, Securing the Digital Economy: Reinventing the
Internet for Trust, estimated that global companies could incur as much as
$5.2 trillion in additional costs and lost revenue over the next five years due to
cyberattacks. The highest risks are faced by the high-tech, life sciences, and
automotive industries.
In reality, the human component is the biggest security factor inside a firm.
Law firms can have phenomenal technology to mitigate the risk of the human
factor, but they can't stop one individual from doing something careless and
catastrophic. Complicating the process is the fact that flawed humans are
responsible for implementing those security controls.
"Our data resides on more and more platforms: iPhones, laptops, tablets, cars,"
says Stark, president of John Reed Stark Consulting LLC. "The biggest vulnerability will never be a tech one, though. It is always a human one. You can't fix
that human factor."

place. In addition, firms must install firewalls, spam filters, and other antivirus
tools to constantly scan for possible dangers.
"The first step is always looking at what you may have and what may be protected under the law or contract obligation," says Beckage. "There is so much
out there as far as regulation and guidance, and it's important to know what
applies to you and what are industry best practices."
Experts say that the number one way to build a strong defense against
cybersecurity threats is to effectively train staff - and train them in a
personalized, real-world method. If the training is not customized to the
specific environment of the law firm or the country it operates in, with
realistic examples from the office, it's not going to translate into improved
behavior.
Attorneys need to expand their understanding of the threats, making it easier
for them to spot phishing attempts and sound the alarm. It's also important
they develop a deeper understanding of digital hygiene to ensure they don't
accidentally turn into the weak link in the cybersecurity chain. Reusing passwords and avoiding encryption for convenience sake are critical mistakes to
be avoided.

"

Our data resides on more and more
platforms: iPhones, laptops, tablets,
cars ... The biggest vulnerability
will never be a tech one, though.
It is always a human one. You can't
fix that human factor.

Arrogance and ignorance are dangerous for attorneys in a digital environment, Stark says. Lawyers must be especially vigilant when operating in
compromised locations or when dealing with unknown individuals. The
assaults are coming from every angle, and the only way to protect clients
is to get serious about security.
Courtesy of John Reed Stark Consulting LLC

NO COOKIE-CUTTER APPROACH
The holy trinity of cybersecurity - securing the data value chain internally
and with vendors, employing stronger encryption, and offering regular training
- applies to both law firms and attorneys seeking to beef up their cybersecurity mentality and practices.
By assessing IT assets and working collaboratively with the firm's technology
experts to protect them, lawyers can make the right choices to secure
client documents and data. Most firms use cloud systems such as Microsoft
SharePoint or Google Drive, with encryption and monitoring systems in

JOHN REED STARK
President, John Reed Stark Consulting LLC

*

MAY 2019

*

WASHINGTON LAWYER

15


https://www.dcbar.org/

Washington Lawyer - May 2019

Table of Contents for the Digital Edition of Washington Lawyer - May 2019

Digital Extras
Your Voice
From Our President
Practice Management
Calendar Of Events
Cybersecurity Rules & Risks For The International Lawyer
Borders, Refugees & A Global Crisis
Climate Change: Turning To Law In Race Against Time
Member Spotlight
Global & Domestic Outlook
Worth Reading
Media Bytes
Attorney Briefs
Ask The Ethics Experts
Disciplinary Summaries
The Pro Bono Effect
Community & Connections
Special Coverage: Youth Law Fair @ 20
Last Word
Washington Lawyer - May 2019 - Cover1
Washington Lawyer - May 2019 - Cover2
Washington Lawyer - May 2019 - 1
Washington Lawyer - May 2019 - 2
Washington Lawyer - May 2019 - 3
Washington Lawyer - May 2019 - Digital Extras
Washington Lawyer - May 2019 - Your Voice
Washington Lawyer - May 2019 - From Our President
Washington Lawyer - May 2019 - 7
Washington Lawyer - May 2019 - Practice Management
Washington Lawyer - May 2019 - 9
Washington Lawyer - May 2019 - Calendar Of Events
Washington Lawyer - May 2019 - 11
Washington Lawyer - May 2019 - Cybersecurity Rules & Risks For The International Lawyer
Washington Lawyer - May 2019 - 13
Washington Lawyer - May 2019 - 14
Washington Lawyer - May 2019 - 15
Washington Lawyer - May 2019 - 16
Washington Lawyer - May 2019 - 17
Washington Lawyer - May 2019 - Borders, Refugees & A Global Crisis
Washington Lawyer - May 2019 - 19
Washington Lawyer - May 2019 - 20
Washington Lawyer - May 2019 - 21
Washington Lawyer - May 2019 - Climate Change: Turning To Law In Race Against Time
Washington Lawyer - May 2019 - 23
Washington Lawyer - May 2019 - 24
Washington Lawyer - May 2019 - 25
Washington Lawyer - May 2019 - 26
Washington Lawyer - May 2019 - 27
Washington Lawyer - May 2019 - Member Spotlight
Washington Lawyer - May 2019 - 29
Washington Lawyer - May 2019 - Global & Domestic Outlook
Washington Lawyer - May 2019 - 31
Washington Lawyer - May 2019 - Worth Reading
Washington Lawyer - May 2019 - Media Bytes
Washington Lawyer - May 2019 - Attorney Briefs
Washington Lawyer - May 2019 - 35
Washington Lawyer - May 2019 - Ask The Ethics Experts
Washington Lawyer - May 2019 - 37
Washington Lawyer - May 2019 - Disciplinary Summaries
Washington Lawyer - May 2019 - 39
Washington Lawyer - May 2019 - The Pro Bono Effect
Washington Lawyer - May 2019 - 41
Washington Lawyer - May 2019 - 42
Washington Lawyer - May 2019 - 43
Washington Lawyer - May 2019 - Community & Connections
Washington Lawyer - May 2019 - 45
Washington Lawyer - May 2019 - Special Coverage: Youth Law Fair @ 20
Washington Lawyer - May 2019 - 47
Washington Lawyer - May 2019 - Last Word
Washington Lawyer - May 2019 - Cover3
Washington Lawyer - May 2019 - Cover4
http://washingtonlawyer.dcbar.org/may2019
http://washingtonlawyer.dcbar.org/april2019
http://washingtonlawyer.dcbar.org/march2019
http://washingtonlawyer.dcbar.org/january2019
http://washingtonlawyer.dcbar.org/november2018
http://washingtonlawyer.dcbar.org/november2018
http://washingtonlawyer.dcbar.org/november2018
http://washingtonlawyer.dcbar.org/august2018
http://washingtonlawyer.dcbar.org/august2018
http://washingtonlawyer.dcbar.org/June/July2018
http://washingtonlawyer.dcbar.org/april2018
http://washingtonlawyer.dcbar.org/March2018
http://washingtonlawyer.dcbar.org/February2018
http://washingtonlawyer.dcbar.org/january2018
http://washingtonlawyer.dcbar.org/december2017
http://washingtonlawyer.dcbar.org/November2017
http://washingtonlawyer.dcbar.org/september 2017
http://washingtonlawyer.dcbar.org/september 2017
http://washingtonlawyer.dcbar.org/august2017
http://washingtonlawyer.dcbar.org/july2017
http://washingtonlawyer.dcbar.org/June2017
http://washingtonlawyer.dcbar.org/may2017
http://washingtonlawyer.dcbar.org/april2017
http://washingtonlawyer.dcbar.org/march2017
http://washingtonlawyer.dcbar.org/february2017
http://washingtonlawyer.dcbar.org/january2017
http://washingtonlawyer.dcbar.org/december2016
http://washingtonlawyer.dcbar.org/november2016/
http://washingtonlawyer.dcbar.org/october2016
http://washingtonlawyer.dcbar.org/september2016
http://www.nxtbookMEDIA.com