9/19/2018 UNSAFE AT ANY SPEED: CYBERSECURITY FOR LAWYERS MICHAEL P. HANNIGAN KONICEK & DILLON, P.C. UNDERSTANDING THE PROBLEM • Insecure Communications vs. Insecure Credentials 1
9/19/2018 IMPORTANT TERMS • Phishing • Spear Phishing • Social Engineering • Spoofing • Human Error METHODS • Email attachments • Insecure servers • Inadequate protocols 2
9/19/2018 EXAMPLES • 16 Year Old “C0mrade” Hacks Marshall Space Flight Center • NASA Shut Down for 21 Days • Hacked Defense Threat Reduction Agency • Hacked Military Computers • 15 Year Old Hacks US Intelligence Officials • Accesses CIA, DOJ, and Homeland Security • 15 Year Old “MafiaBoy” crashes Yahoo, CNN, Ebay, Amazon, and Dell • 19 Year Old Hacks FBI-Interpol Conference Call on Hacking EXAMPLES • Demonstrations of hacking law firms using inexpensive software available online • 12 Year Old “Cyber Ninja” • Demonstrates how easy it is to turn any computer into a listening, recording, or visual device 3
9/19/2018 IMPACT ON LAWYERS • Real Estate industry vulnerable and primary • “IMPORTANT NOTICE: Never trust wiring target instructions sent via email. Cyber criminals are hacking email accounts and sending • New duties imposed on attorneys as emails with fake wiring instructions. These technology changes emails are convincing and sophisticated. • Undefined standard of care Always independently confirm wiring • Need to take new precautions instructions in person or via a telephone call to a trusted and verified phone number. • Need to reassess risks and exposure Never wire money without double-checking that the wiring instructions are correct.” RULE 1.1 COMPETENCE • “A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” 4
9/19/2018 COMMENT 8 TO RULE 1.1 • “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.” PROFESSIONAL NEGLIGENCE ELEMENTS • Duty of care arising from an attorney-client relationship • Breach • Proximate Cause • Actual Damages 5
9/19/2018 JURY INSTRUCTION – PROFESSIONAL NEGLIGENCE • “A lawyer must possess and use the knowledge, skill, and care ordinarily used by a reasonably careful lawyer. The failure to do something that a reasonably careful lawyer would do, under circumstances similar to those shown by the evidence, is ‘professional negligence.’ • “The phrase ‘deviation from the standard of care’ means the same thing as ‘professional negligence.’ • “The law does not say how a reasonably careful lawyer would act under these circumstances. That is for you to decide. In reaching your decision, you must rely upon opinion testimony from qualified witnesses and evidence of professional standards. • “You must not attempt to determine how a reasonably careful lawyer would act from any personal knowledge you may have.” BEST PRACTICES • Preventative Protocols • Immediate Response • Staff • Kill Chain Process • Attorneys • Self • Two-factor authentication • Instructions to clients • Disclaimers and Warnings on Emails 6
Recommend
More recommend
