An interesting article came through our feed today mentioning the need for cyber security in law firms. As an information security company that works with law firms, we couldn't agree more. The article makes a number of points, but leaves a couple of critical things out, and we'd like to cover those here. It's worth noting that the advice here applies to practically any organization (not just law firms).
The article suggests the following five items for all law firms to increase their security:
Use password managers
Update computer software
Use encryption software
Use encryption software
Use multi-factor authentication (MFA/2FA)
Risk landscape for law firms
At Rendition Infosec, we don't fundamentally argue with any of these. We do however think that this falls well short of information security best practices for most law firms. The reality is that lawyers deal with sensitive data every day and that makes them a target for attackers. Sensitive data might include mergers and acquisitions information from clients. This data, if compromised, can have major economic impacts to both the law firm and the client.
Attackers may also target law firms for more than just the data they have. Many users, even those at the most secure organizations, expect email communication from external counsel. Attackers may target law firms as a way to get into other networks more easily. Law firms should think of this as extending their cyber risk to their clients.
Read the rest of the story at the Rendition Infosec blog.
The article suggests the following five items for all law firms to increase their security:
Use password managers
Update computer software
Use encryption software
Use encryption software
Use multi-factor authentication (MFA/2FA)
Risk landscape for law firms
At Rendition Infosec, we don't fundamentally argue with any of these. We do however think that this falls well short of information security best practices for most law firms. The reality is that lawyers deal with sensitive data every day and that makes them a target for attackers. Sensitive data might include mergers and acquisitions information from clients. This data, if compromised, can have major economic impacts to both the law firm and the client.
Attackers may also target law firms for more than just the data they have. Many users, even those at the most secure organizations, expect email communication from external counsel. Attackers may target law firms as a way to get into other networks more easily. Law firms should think of this as extending their cyber risk to their clients.
Read the rest of the story at the Rendition Infosec blog.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.