
The Downright Terrifying Cost of a Data Breach

In 2016 there have been more than 454 reported data breaches with nearly 12.7 million records exposed. In 93% of breaches, attackers take minutes or less to compromise systems.

THE COSTS OF DATA BREACHES INCLUDE:

- Crisis management services
- Breach notification expenses
- Communication plan
- Fulfillment of state and federal compliance obligations
- Forensic investigations
- Credit monitoring for individuals whose data has been breached
- Legal counsel

IBM'S 11TH ANNUAL COST OF DATA BREACH STUDY, CONDUCTED BY PONEMON INSTITUTE FROM 2015 TO 2016, FOUND:

- The average consolidated total cost of a data breach grew from $3.8 million to $4 million.
- The average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158.
- The study also examined the impact of Business Continuity Management (BCM) on the cost of a data breach.

ORGANIZATIONS WITH BCM EXPERIENCED:

- A $9 reduction in per capita cost of a data breach
- 52 fewer days to identify a data breach
- 36 fewer days to contain a data breach
- 15% decrease in the total cost of a data breach
- 29% decrease in the likelihood of a breach in the next 2 years

DATA BREACHES AND LAW FIRMS: WHAT YOU NEED TO KNOW

Law firms are among the most vulnerable targets of cyber attacks.

AMERICAN LAW FIRMS ARE ESPECIALLY VULNERABLE BECAUSE THEY HANDLE AND STORE:

- Corporate secrets (such as potential deals)
- Business strategies (such as mergers and acquisitions intel and patent applications)
- Intellectual property

Because they act as warehouses of client and employee data, firms must acknowledge that they are not immune to data breaches.

In 2011, the FBI began organizing meetings with the top firms in New York City and other major American cities to discuss the increasing threat of cyber security breaches. This is especially important for firms with offices in countries like China and Russia.

Though many firms have moved to be more proactive, cybersecurity firm Flashpoint issued an advisory alert in February stating that nearly 50 prestigious U.S. law firms had been targeted by foreign cyber criminals seeking insider information.

IN APRIL, 11.5 MILLION FILES AND 2.6 TERABYTES WERE HACKED FROM THE DATABASE OF THE WORLD'S FOURTH BIGGEST OFFSHORE LAW FIRM, MOSSACK FONSECA.

This leak is known as The Panama Papers, because Mossack Fonseca is based in Panama, though the firm boasts a global network of 600 people working in 42 countries.

- The documents show, among other things, how clients, including high-profile politicians, allegedly hid assets.
- This leak is one of the largest information leaks in history.
- In the aftermath of the breach, Mossack Fonseca was maligned for alleged poor security practices.

MANY FIRMS ARE BEHIND WHEN IT COMES TO CYBERSECURITY BECAUSE:

- Cyber security is expensive
- There's a steep technological learning curve
- Many law firms have not prioritized IT security

In its 2015 Annual Security Report, Cisco Systems Inc. ranks law firms as the 7th most vulnerable industry to malware encounters, but that ranking is obscured by the fact that law firms have few strict reporting requirements by which they must abide.

Cybercrime has plagued U.S. law firms for more than a decade. The frequency of attempts and attacks has increased substantially.

THE AMERICAN BAR ASSOCIATION'S 2015 LEGAL TECHNOLOGY SURVEY FOUND NEARLY 1 IN 4 LAW FIRMS WITH AT LEAST 100 ATTORNEYS HAVE EXPERIENCED A BREACH DUE TO A:

- Hacker
- Website attack
- Break in
- Lost or stolen computer or smartphone

PERCENTAGE OF FIRMS THAT EXPERIENCED A DATA BREACH

[Chart: percentage of firms that experienced a data breach, by firm size (Solo; 2-9 attorneys; 10-49 attorneys; 100-499; 500 or more)]

This data is drawn from the American Bar Association's 2015 Legal Technology Survey of roughly 880 lawyers.

More than half of attorneys surveyed said they didn't know if their firm has ever had a full security assessment conducted by an independent third party.

More than 80% of respondents from firms with more than 100 attorneys said they didn't know if their firm had cyber liability insurance. Only 11.4% could say for sure that their firm had cyber liability insurance.

IN A 2015 STUDY OF THE LEGAL INDUSTRY'S INFORMATION SECURITY ASSESSMENT PRACTICES IN CONJUNCTION WITH ILTA LEGALSEC, RESEARCHERS FOUND:

- Roughly 70% of respondents conduct vulnerability scanning assessments and penetration tests, a 15 to 20% increase since 2014.
- 66% of legal organizations surveyed have no staff allocated to information security.
- 29% have 1 to 5 staff members devoted to information security.

More than 70% of organizations utilize intrusion detection/prevention and automated patch management technologies. But less than 30% of them have additional core technologies such as:

- Digital loss prevention
- Security information and event management (SIEM)

LEGAL ORGANIZATIONS DEEMED THESE SECURITY THREATS AS THE MOST CONCERNING:

- Employee negligence
- Phishing/vishing (voice phishing)
- Virus, worm, and malware threats

(ILTA Report 2015)

IN THE CASE OF A BREACH, LAW FIRMS MUST CONTEND WITH:

- Damage to the firm's reputation
- Loss of client business
- The threat of malpractice lawsuits

A NUMBER OF FEDERAL LAWS REQUIRE LAW FIRMS TO PROTECT CERTAIN CATEGORIES OF INFORMATION. THESE LAWS INCLUDE:

- The Health Insurance Portability and Accountability Act
- The Fair and Accurate Credit Transactions Act
- The Gramm-Leach-Bliley Act

As of 2014, at least 47 states had enacted legislation requiring private and governmental entities to notify people of security breaches that involved personally identifying information (PII).

The survival of a law firm following a data breach often depends on whether or not the firm has sufficient financial resources.

TAKE THESE STEPS TO HELP PREVENT A CYBERSECURITY BREACH AT YOUR FIRM

DEVELOP A COMPREHENSIVE INFORMATION SECURITY PLAN AND BREACH PREPAREDNESS PLAN

- A response plan enables decisive and timely action if and when a breach occurs.
- Consult the American Bar Association Cybersecurity Handbook for starting points.
- Routinely back up data and keep copies at an off-site location or in a secure cloud.

CONDUCT A RISK ASSESSMENT

Knowledgeable, independent IT vendors can help.

LIMIT ACCESS

Limit access to computer systems, email, and directories to known and trusted users.

Implement and follow strict password policies. A uniform password policy is one of the most effective and inexpensive ways to protect data.

PASSWORDS SHOULD BE:

- A minimum of 12 characters
- Not repeated
- Complex with a combination of letters (upper and lower case), numbers, and symbols
- Changed regularly

CONSIDER PASSWORD MANAGERS SUCH AS:

- LastPass
- KeePass
- Dashlane
- 1Password

USE ENCRYPTION TECHNOLOGY

On servers, desktops, laptops, and mobile devices.

Lost or stolen laptops and other devices are a top cause of law firm data breaches. If a device is encrypted, the information will likely not be accessible.

According to a 2013 American Bar Association survey, all forms of encryption, including file, email, and full-disk encryption, are the security features used least frequently by law firms.

CONSIDER CLOUD

When firm and client information is stored in the cloud abroad, it may be subject to international search-and-seizure laws. The cloud is used by nearly two-thirds of lawyers in their practices.

ASK THE RIGHT QUESTIONS WHEN YOU SELECT A CLOUD PROVIDER:

- Will the data be stored internationally? If so, can it be subject to search and seizure?
- Do you provide adequate security to protect your data?
- Will the information be encrypted?

BEWARE OF PHISHING EMAILS

Phishing emails, which are designed to look like they are sent from a trusted source (such as a client or colleague), can infect computers with dangerous malware once they are opened.

30% of phishing emails are opened. About 12% of targets go on to click the link or attachment.

PHISHING EMAILS CAN ACQUIRE SENSITIVE INFORMATION INCLUDING:

- Usernames
- Passwords
- Credit card details
- Money

Spear phishing is a type of phishing directed at specific individuals or companies. A 2012 survey found that more than one-third of law firm respondents who reported experiencing a spear phishing attack in the past year believe the attack resulted in the compromise of user login credentials or unauthorized access to corporate IT systems.

KEEP ANTI-VIRUS AND SECURITY SOFTWARE UP TO DATE

Regularly apply recommended patches.

EDUCATE EMPLOYEES

About confidentiality issues, cybersecurity, and password protection.

Provide instruction on related policies and practices including:

- Internet usage
- Social media usage
- Email usage

The root cause of approximately 25% of breaches can be attributed to a negligent employee or contractor.

DON'T FORGET ABOUT THIRD-PARTY VENDORS

Roughly 40% of law firms outsource some crucial functions, such as legal research, IT, and e-discovery. Third-party vendors have become a vulnerable point of attack for many law firms.

- Assess whether your vendors use password protection, encryption, and antivirus software.
- Include relevant security issues in contracts.
- Review the vendor's contract to find out who will be expected to cover the cost of a data breach.
- Consider conducting a full security audit of any prospective vendor.

CONSIDER CYBER LIABILITY INSURANCE

Coverage can help law firms with data breach costs including those associated with:

- Privacy breach notification
- Litigation
- Loss of income
- Fines and penalties

As a law firm, it's not only in your best interest to have strong data security protocols; it's a necessity. Follow these tips to protect your information.

Brought to you by: Logikcull
In partnership with: Ghergich & Co.

shared by Ghergich on Sep 15
In 2016 there have been over 454 reported data breaches with nearly 12.7 million records exposed! Read about the costs of cybersecurity breaches for law firms as well as tips to safeguard data and hel...

Publisher: Logikcull

Category: Technology