Cyber threats and Defenses
Published in: | GPSolo 2014-05, Vol.31 (3), p.36 |
---|---|
Main authors: | , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | In a smaller firm, the e-mail's subject line might well read "Referring a case to you" - that would certainly be appealing in these uncertain economic times. Over and over again, it has been demonstrated that "spear phishing" is the most successful weapon for getting into a law firm's network. Here's another reason to be wary, this one from Alan Paller, the director of research at the SANS Institute: "If I want to know about Boeing and I hack into Boeing, there are a billion files about Boeing. But if I go to Boeing's international law firm, they're perfect. They're like gold. They have exactly what I'm looking for. You reduce your effort." "I'msickofLindsayLohan!" is simple enough to remember and complex enough to confound a would-be password cracker. Using characters that are non-letters helps add to the complexity and therefore to your security. The English alphabet contains just 26 letters, but there are 95 letters and symbols on a standard keyboard. "Mixing it up" makes it even more difficult for cybercriminals to break your password. Whatever you do, make sure you do take passwords seriously. We know from experience that most lawyers are not going to buy a product like the IronKey or use a product like eWallet. This may change as the years go by, but for now, the majority will simply come up with passwords on the fly as required. If that sounds like you, at least take heed of the message conveyed by the Georgia Institute of Technology and make your passwords strong 12-character passwords. At least then you will have demonstrated that you took "reasonable measures" to protect client confidentiality. |
---|---|
ISSN: | 1528-638X 2163-1727 |