Page 11 - Minnesota Vol 8 No 4

MANAGING THE RISKS
Managing and staying ahead of these attacks requires vigilance, planning, and strategic thinking. Fortunately, staying on top of basics can substantially reduce the chance of a successful attack.
AN AFFORDABLE PLAN IS OUTLINED BELOW:
Implement email protection technology: There are many technology solutions that can proactively identify and flag spam and phishing emails. These technologies have matured significantly and do a great job of weeding out most such attacks.
Continuous patching: Most attackers will take the path of least resistance. This often means taking advantage of well-known security vulnerabilities. The good news is that most software vendors regularly release patches that remove security vulnerabilities. Law firms should get in the habit of regularly deploying these patches, perhaps by designating a day of the week that is meant for security patches and religiously adhering to that schedule.
Multi-factor authentication: Law firms should enable multi-factor authentication for all systems deemed critical, including entry to all firm laptops. Multi-factor means having at least two of the following attributes to gain entry: something you know (e.g. a password); something you have (e.g. a phone that can be used to receive a token); or something you are (e.g. biometrics for fingerprint recognition). This is an extremely effective technique to prevent an attack because even if attackers acquire the username/password combination, they cannot enter because they don’t have the second factor.
Ongoing security awareness training and social engineering testing: This is to reduce the risk of gullible employees falling for phishing and social engineering attempts. Ongoing security awareness training keeps increasing their cybersecurity baseline, and ongoing social engineering testing (e.g. simulated phishing attacks) lets you know who your most vulnerable employees are.
Lock storage devices on USB ports: Infected USB drives are one way to spread ransomware or malware. Locking USB drives to disable all storage devices makes a tremendous difference. An alternative to USB storage drives may be cloud storage sites, which tend to be more secure because they provide built-in multi-factor and the software on these sites is typically well-tested, well-protected, and continuously upgraded for security.
Cybersecurity insurance: This insurance is designed to provide protection before, during, and after an attack. Many large insurers have started to offer this insurance. On the preventive side, this insurance provides many valuable resources such as security training and some basic technologies. Forensic and response services are provided during the incident. And notification, communication, and legal expertise are provided after the breach.
Cyber threats are real threats for law firms. Thinking proactively and putting these basic controls in place substantially reduces the risk and enhances the cybersecurity posture of the law firms.
DR. ANAND SINGH IS A SEASONED CHIEF INFORMATION SECURITY OFFICER. HE IS ALSO AN ADJUNCT FACULTY MEMBER IN THE CYBERSECURITY AND PRIVACY LAW CERTIFICATE PROGRAM AT MITCHELL HAMLINE SCHOOL OF LAW. YOU CAN FOLLOW HIM ON TWITTER @SECURITYBEAT. HE CAN BE REACHED AT [email protected] GMAIL.COM.
AttorneyAtLawMagazine.com