Cybersecurity: Not just for biglaw and its clients (WSJ, 27 Oct 2014) – Cybersecurity is an increasingly big priority for law firms with big financial institution clients. But it can be a matter of life and death for lawyers doing pro bono work with clients in troubled countries who are battling human trafficking, terrorism and other human rights violations. The interception of sensitive documents by criminals or unfriendly governments can compromise the safety of in-country clients, and in some cases the attorneys with whom they work. “Human rights really is cloak-and-dagger,” Christina Storm, a lawyer and founder of the non-profit group Lawyers Without Borders , told Law Blog. “Lawyers put themselves at risk, and every person in-country who reaches out to us puts themselves at risk.” Ms. Storm’s group focuses on strengthening the rule of law around the world. The organization works with law firms big and small as well as solo practitioners on cases that range from electoral reform to strengthening protections for gay, bisexual and transgender people in African countries. Such work isn’t always popular. In some places, government surveillance might involve keyloggers that track communications between dissidents and their lawyers. Confidential documents that fall into the wrong hands can expose both sides to danger, Ms. Storm said, adding, “Their safety is important to us.” Lawyers Without Borders takes some of its security cues from the big law firms it works with, such as Reed Smith LLP and Linklaters, whose corporate and financial clients requirement myriad steps to prevent hackers from accessing confidential information. At one point the organization tried using encrypted email, but the program was so cumbersome that people abandoned it because it was hard to use. Another document management system ended up being accessed by authorities in an unfriendly country, and the whole thing had to be scrapped.

 

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/sumetho

The number of industries getting classified cyberthreat tips from DHS has doubled since July (NextGov, 20 Oct 2014) – Firms from half of the nation’s 16 key industries, including wastewater and banking, have paid for special technology to join a Department of Homeland Security program that shares classified cyberthreat intelligence, in hopes of protecting society from a catastrophic cyberattack. Participation in the Enhanced Cybersecurity Services initiative has more than doubled during the past few months. Through the voluntary program – previously exclusive to defense contractors – cleared Internet service providers feed nonpublic government information about threats into the anti-malware systems of critical sector networks. As of July, only three industries – energy, communications and defense – were using the service, according to an unfavorable DHS inspector general audit . Now, befitting National Cybersecurity Awareness Month, Homeland Security officials say the financial, water, chemical, information technology and transportation sectors also are receiving the threat indicators. Just two months ago, American Chemistry Council officials said they had never heard of the program . The service has been available since 2013.

 

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/KROMKRATHOG

Law firms face cybersecurity audits by banking clients; are they a ‘weak link’? (ABA Journal, 27 Oct 2014) – Banks are increasingly scrutinizing their law firms’ cybersecurity efforts, including the law firms’ protection of confidential information released to vendors such as word-processing firms and print shops. The law firms are increasingly facing on-site technology audits by banks, even as the banks themselves face cybersecurity pressures from regulators, the Wall Street Journal (sub. req.) reports. Just last week, New York’s Department of Financial Services sent letters to dozens of banks asking about protections for information sent to third-party vendors such as law firms and accounting firms, according to a separate story by the Wall Street Journal (sub. req.). “Law firms increasingly are seen as potential weak links,” the Wall Street Journal says. “Clients often entrust them with everything from valuable trade secrets to market-moving details on mergers and acquisitions.” The story cites information from an American Bar Association technology survey that found 14 percent of the respondents had experienced some type of security breach or theft this year. But only 1 percent said the breach resulted in unauthorized access to sensitive client data. The Wall Street Journal spoke with Goodwin Procter’s chief information officer, Lorey Hoffman, who works with examiners sent by clients who want to know about data protection. The firm also hires its own auditors to check its cybersecurity. “It’s a lot more than just checking a box,” Hoffman said of the firm’s response to client security questions.

 

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/renjithkrishnan