Courts and Law Brooklyn Boro

Brooklyn Bar CLE teaches lawyers the basics of cybersecurity

February 15, 2023 Rob Abruzzese
David Bensinger is a professional IT support executive that provides IT and Cybersecurity Consulting Services for law firms and other businesses in and around New York City through his website Bensingertech.com. He is a graduate of the University of Wisconsin-Madison and got a PhD at the University of Rochester. Screenshot via Zoom
Share this:

The Brooklyn Bar Association recently hosted David Bensinger for a continuing legal education seminar on cybersecurity on Thursday, Feb. 2 virtually via Zoom.

The seminar is part of an effort by the BBA to ensure that lawyers are able to fulfill the new cybersecurity training as part of their biennial CLE requirements.

“The ethics component is more about what you need to know about your obligations,” said Daniel Antonelli, chair of the BBA’s Computer Technology Committee. “That includes case law and ethics rulings about when attorneys have reached their obligation and where that standard actually lies. The substantive component is more about cyber security – how to protect your information and how to protect your client’s information.”

Subscribe to our newsletters

Bensinger has given CLE lectures at the Brooklyn Bar Association in the past, and serves as the IT person for Antonelli’s law firm Antonelli & Antonelli.

“We supply IT and cybersecurity services for law firms around NYC,” Bensinger said. “We design their infrastructure so they can be safe and secure in their jobs. Security has always been a part of IT services, but it has taken the driver’s seat with ever increasing cyber attacks that seem to get a little bit worse every year despite our best efforts to keep protected.”

Bensinger called cybersecurity an “arms race” between bad-faith actors and software companies. He said, though, that the best defense against cyber attacks often involves people and not their computers.

“We’re going to focus on social engineering because that’s really the biggest thing that you and your firm can do to stay safe,” Bensinger said. “Social engineering is just manipulating someone to get them to share information they shouldn’t. The bottom line here is common sense. You can read all you can and keep up to date, but there is always going to be a new attack out there.”

Bensinger suggested that firms can hire companies to conduct phishing simulations, where their employees are tested to see if they might fall victims to common scams.

“Really look at your emails and communications and ask yourself – does this make sense?” Bensinger continued. “I get emails all day long and you have to ask, ‘is this legitimate?’ Do you know this sender? Maybe you do, but do you recognize the email address? You can always call someone and say, ‘I got an invoice from you that I wasn’t expecting. Is this really you?’”

Another important to stay protected is to come up with an incident response plan, a plan that goes over steps that you and your employees need to take when something has gone wrong.

The newest problems are called “supply chain attacks,” Bensinger said. He explained that it occurs when criminals put bad code directly into software so that it uploads to a computer when installed.

“The real problem with these from my perspective, you get an update from Microsoft, it’s the official update that you need to keep your software secure,” Bensinger said. “Little did we know there is some malware inside that package and there are no safety precautions put in place. It isn’t until the software company realizes that it’s not what they expected.”


Leave a Comment

Related Articles

Leave a Comment