Top Security Threats Faced by Today’s Law Firms

Posted by Daniel Garcia on Sep 27, 2016 4:20:53 PM



The following post is an excerpt from our popular ebook Ultimate Guide: Mobile Security in the Legal Industry. Be sure to check out the full version of the ebook for everything you need to know to keep your firm secure.

 

Keeping a secure environment is one of the biggest challenges faced by law firms today. In 2014, 1,023,108,267 records were breached. According to Consumer Reports, 5.2 million smartphones were lost or stolen in the U.S. the same year. Therefore, it should not be a surprise that the #1 weak security link is perceived to be mobile devices, according to CyberEdge Group.

 

Let’s review the top security threats faced by law firms.

#1: Devices Lost or Stolen

Devices are lost or stolen frequently, and they pose both a direct and an indirect risk of data leakage:

  1. Any data stored on the device should be considered compromised.
  2. Any credentials, VPN settings, etc. stored on the device are also compromised and can be used to access your backend servers.

Protect Your Firm

Do not store data on devices if you can avoid it. If data is stored on the lost/stolen device, issue a remote wipe to clear any credentials. Revoke device registration and reset user accounts to prevent access to backend servers. Check server logs: if no access is detected, then there is no need to notify clients because no data was leaked. Otherwise, determine affected clients and notify them that their data has been leaked.

#2: Unsecure Connections and Malicious Hotspots

Your users will want to connect to public Wi-Fi wherever they go, especially the modern, mobile attorney. It is possible to intercept data as it is being transmitted, so your first reaction may be to ban usage of Wi-Fi. However, using public Wi-Fi should be mostly OK provided you follow two simple rules:

  1. If the App accesses any servers, make sure it only uses SSL connections.
  2. If the App requires direct access to your backend servers, make sure it uses a VPN.

Protect Your Firm

If you have followed our recommendations, the App will not require direct access to your backend servers. To avoid man-in-the-middle attacks, make sure that the App only uses SSL connections and will only accept valid SSL certificates. For additional protection, the App can implement SSL certificate pinning.
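The client-side checks described above, as an added example (not code from the ebook or from any particular App): the client refuses non-HTTPS URLs, keeps normal certificate validation on, and then compares the server's certificate against pinned SHA-256 fingerprints. The function names and the choice to pin the whole leaf certificate are assumptions made for this example.

```python
import hashlib
import hmac
import socket
import ssl
from urllib.parse import urlsplit


def strict_context():
    """TLS context that rejects invalid, expired or mismatched certificates."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fingerprint(der_cert):
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_ok(der_cert, pins):
    """True if the certificate matches any pinned fingerprint.

    `pins` should hold the current fingerprint and at least one backup, so a
    planned certificate rotation does not lock every device out.
    """
    seen = fingerprint(der_cert)
    return any(hmac.compare_digest(seen, p.lower()) for p in pins)


def open_pinned(url, pins, timeout=10.0):
    """Connect over https only, validate normally, then enforce the pin."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing non-TLS URL: " + url)
    raw = socket.create_connection((parts.hostname, parts.port or 443), timeout)
    try:
        # Chain and hostname validation happen here; the pin is an extra check.
        tls = strict_context().wrap_socket(raw, server_hostname=parts.hostname)
    except Exception:
        raw.close()
        raise
    if not pin_ok(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("certificate does not match any pinned fingerprint")
    return tls
```

The pin is checked in addition to standard validation, never instead of it, so a certificate that fails the default checks is rejected before the pin is consulted.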

If you have not followed our recommendations, a VPN is still a good way to protect data against leakage as it is transmitted between the mobile devices and your backend servers. The downside is that a lost device preconfigured with VPN settings could become an attack vector against your network.

#3: Phishing Attacks

During a phishing attack, your users receive a fake email requesting that the recipient take some action, e.g., change their password. When the user clicks on the email, a fake website opens (looking like the real thing) and waits for the user to enter their password. The attacker can now use the password to impersonate the user and access his/her data.

Protect Your Firm

If you have followed our recommendations, the App will require two-factor authentication. This means the attacker will not be able to impersonate the user with just the password. Reset the user account.

If you have not followed our recommendations, you will need to check the server logs to determine if data has been accessed. If not, simply reset the user account. If data was accessed, then a data leak has occurred. Determine affected clients and notify them that their data has been leaked.

#4: Device Compromise and Malicious Downloads

Devices can be compromised by a virus or other malware, and sometimes, users themselves download malicious Apps from untrustworthy sites. A compromised device creates two kinds of risk:

  1. Any data stored on the device should be considered compromised.
  2. Next time the device connects to your VPN the malware can spread its payload on your internal network.

Protect Your Firm

If you have followed our recommendations, the App will not store any data on the device and will not need to connect directly to your backend servers. The device can simply be wiped clean or restored to factory settings. Reset user accounts to prevent access to backend servers. Check server logs: if no access is detected, then there is no need to notify clients because no data was leaked.

If you have not followed our recommendations, a data leak has occurred. Follow the same procedure and then determine affected clients and notify them that their data has been leaked.
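The server-log check that recurs in threats #1, #3 and #4, as an added example that is not from the ebook: given when a device or password was exposed and when the account was reset, it lists the suspect accesses and the clients whose data was actually served. The log layout, field names and sample lines are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample server log. The "key=value" layout is an assumption for
# this example, not the format of any particular product.
SAMPLE_LOG = [
    "2016-09-20T08:12:04Z user=jdoe device=dev-17 client=ACME-0042 status=200",
    "2016-09-20T13:47:30Z user=jdoe device=dev-17 client=BETA-0007 status=200",
    "2016-09-20T13:52:10Z user=asmith device=dev-03 client=ACME-0042 status=200",
    "2016-09-20T14:20:41Z user=jdoe device=dev-99 client=ACME-0042 status=200",
    "2016-09-20T15:01:55Z user=jdoe device=dev-17 client=ACME-0042 status=401",
    "2016-09-20T15:30:00Z user=jdoe device=dev-44 client=GAMMA-0100 status=200",
]

def utc(text):
    """Parse an ISO-8601 'Z' timestamp into a timezone-aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse(line):
    """Split one log line into a dict with parsed 'time' and 'status' fields."""
    stamp, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["time"] = utc(stamp)
    rec["status"] = int(rec["status"])
    return rec

def triage(lines, user, device, exposed_from, reset_at):
    """Find accesses attributable to the exposed device or credentials.

    A hit is suspect if it happened at or after `exposed_from` and either came
    from the exposed device, or used the user's account before it was reset.
    Only successful (2xx) suspect hits count as leaked data; denied attempts
    after revocation are kept as evidence but do not trigger notification.
    """
    suspect, affected = [], set()
    for rec in map(parse, filter(str.strip, lines)):
        if rec["time"] < exposed_from:
            continue
        from_device = rec["device"] == device
        old_creds = rec["user"] == user and rec["time"] < reset_at
        if from_device or old_creds:
            suspect.append(rec)
            if 200 <= rec["status"] < 300:
                affected.add(rec["client"])
    return {"suspect": suspect, "affected_clients": sorted(affected), "notify": bool(affected)}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "jdoe", "dev-17",
                    utc("2016-09-20T13:00:00Z"), utc("2016-09-20T15:00:00Z"))
    print(result["affected_clients"], "notify:", result["notify"])
```

Set `exposed_from` to the last time the user is known to have had control of the device or password, not the time the loss was reported, since the gap between the two is where unnoticed access falls.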

#5: Server Compromise

During App selection make sure you understand what firewall/VPN entry points the App uses to communicate with your backend servers – if any at all. These firewall openings can potentially be used by attackers to scan for and exploit vulnerabilities in your internal network and compromise your backend servers. This threat is especially dangerous because your servers contain an enormous amount of client data.

Protect Your Firm

If you have followed our recommendations, the App will not require any connection with your backend servers and there will not be any risk of server compromise.

If you have not followed our recommendations, you should constantly be vigilant and scan your internal network for any unpatched vulnerabilities. Monitor suspicious behavior and configure instant alerts to know when something is not right. Check server logs: if any unauthorized access is detected, a data leak has occurred. Reset user accounts, determine affected clients and notify them that their data has been leaked.

#6: Traveling Abroad

Many countries outside of the United States experience an increased frequency of malware, malicious hotspots, privacy attacks, etc. Kaspersky Labs measures the countries with the most malicious mobile software attacks on users; view the real-time map here.

Protect Your Firm

Detection/triage of a compromised device is hard, so it is best not to rely on it. It is better to consider a loaner program for especially risky destinations:

  •  No long term storage of data
  •  Wipe/Reset device upon return

How have you addressed these security threats at your firm? Be sure to download the full ebook to learn more about how to prevent your firm from experiencing a breach.
