Brooklyn Bar Association hosts commonsense cyber security for lawyers
The Brooklyn Bar Association’s Computer and Technology Committee hosted a continuing legal education (CLE) seminar in Brooklyn Heights on Monday titled “Common Sense Cyber Security” where lawyers learned best practices to avoid being hacked.
BBA Trustee Daniel Antonelli served as the moderator for the two-hour discussion that featured David Bensinger of Bensinger Technology. The topics ranged from ways to help identify potential risks to understanding how to increase cybersecurity safeguards within a law firm to protect client and personal information.
“David helps my firm with our IT needs and we really appreciate his services which is why I’ve invited him to come speak on cyber security,” Antonelli said. “It has become something that people can’t ignore because you read about it in the newspaper every day — there was Equifax, the 2016 Democratic National Committee (DNC) email hack and divorce attorneys know about the Ashley Madison hack. That’s just a short list.”
Bensinger discussed examples of major attacks and what to do if people suspect an attack has happened. He recommended that people seriously concerned about protecting private information consult with an IT specialist because, as he put it, there is no way to make your systems completely secure.
“Even if you buy the best possible security, you can still be hacked,” Bensinger said. “If you do it right, you can protect yourself much better. But you cannot expect that nobody will have unauthorized access to your systems. That’s just not a valid way to think about your business these days. It’s a matter of adding security and combining it with common sense.”
Bensinger stressed the idea of common sense. He explained that a casual human error is often the cause of breached security, through social engineering, where hackers figure out clever ways to trick people.
“Social engineering is the art of manipulating people so that they give up confidential information or take inappropriate actions,” Bensinger said. “It’s an old con. It can be email, text or even in person. This is the most popular form of hacking because it is so easy and cheap that it takes very little skill to implement.”
An example of this was the DNC hack, where hackers were able to breach the DNC’s security by sending out phony emails pretending to be someone they weren’t. It’s called phishing, and it relies upon social engineering to manipulate people into bad actions.
Bensinger said that law firms can be especially threatened because they’re seen as rich targets. Often people will target firms to try to get to their clients, or firms are vulnerable because they’re using remote access software to log in from remote locations.
“One time they had the partners’ names, they knew who they were,” Bensinger said. “I don’t know if it was a client they were specifically going after or if it was just a rich firm, but it’s not uncommon for a law firm to come to us saying that they’ve experienced a pattern of attacks.”
He suggested that firms adopt policies and procedures in case of an attack. The National Institute of Standards and Technology has a list of recommendations for a cybersecurity framework that companies can use as a guide.
In the event of a suspected attack, he suggested contacting an IT firm immediately, and he said that sticking to simple and well-known applications is the best practice to avoid getting hacked.