attorney obligations for safekeeping client information · cyber security . threats . 8 . the...
TRANSCRIPT
![Page 1: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/1.jpg)
Attorney Obligations for Safekeeping Client Information ATG LEGAL EDUCATION
Audio problems? Listen by phone: 877.691.9300 Access Code: 7521231#
You are now logged in to ATG Legal Ed Connect.
Attorney Obligations for Safekeeping Client Information May 24, 2017
Program Time Today’s presentation will begin at 12:00 noon.
Sound Quality To improve sound quality, please close all other applications.
Download Education Materials Documents for today’s seminar may be downloaded and printed at any time by visiting your ATG Legal Education homepage. Locate today’s seminar under My Registrations and click More Details. Near the end of the seminar description, click Program Notes.
Problems? If you experience any problems during this presentation, please call 800.252.0402, then press “0” for the operator.
![Page 2: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/2.jpg)
Attorney Obligations for Safekeeping Client Information ATG LEGAL EDUCATION
Audio problems? Listen by phone: 877.691.9300 Access Code: 7521231#
Attorney Obligations for Safekeeping Client Information May 24, 2017
Presented by: Scott Renfroe Chief of Supreme Court Practice Attorney Registration and Disciplinary Commission of the Supreme Court of Illinois
![Page 3: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/3.jpg)
Cyber Security Basics
3 www.SchumannLaw.com
• Minimize Your “Digital Footprint”
• Make that Smaller Footprint Harder to Hack
![Page 4: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/4.jpg)
Cyber Security Threats
4 www.SchumannLaw.com
The American Lawyer:
“Chicago's Johnson &
Bell First US Firm Publicly
Named in Data Security Class Action”
December 9, 2016
![Page 5: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/5.jpg)
Cyber Security Threats
5 www.SchumannLaw.com
The American Lawyer: Class action attorney Jay Edelson claims, in first public data
security class action complaint against a
U.S. Law Firm: • Time entry system “10 years old”,
susceptible to hacking, had not been updated with security patches
![Page 6: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/6.jpg)
Cyber Security Threats
6 www.SchumannLaw.com
The American Lawyer: Class action attorney Jay Edelson claims, in first public data
security class action complaint against a
U.S. Law Firm:
• Troves of confidential information available to hackers
![Page 7: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/7.jpg)
Cyber Security Threats
7 www.SchumannLaw.com
The American Lawyer: Class action attorney Jay Edelson claims, in first public data
security class action complaint against a
U.S. Law Firm:
• Firm’s Virtual Private Network (VPN) susceptible to
attack
![Page 8: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/8.jpg)
Cyber Security Threats
8 www.SchumannLaw.com
The American Lawyer: Class action attorney Jay Edelson claims, in first public data
security class action complaint against a
U.S. Law Firm:
• Firm’s e-mail system susceptible to same type of hack believed used against Panama’s Mossack Fonseca
![Page 9: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/9.jpg)
Cyber Security Threats
9 www.SchumannLaw.com
Mac Users: Think It Can’t
Happen To You?
![Page 10: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/10.jpg)
Cyber Security Threats
10 www.SchumannLaw.com
Snake Malware Attacks Macs
![Page 11: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/11.jpg)
Professional Responsibility
11 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 1.1: Maintaining Competence –
Comment [8] recently amended -- refers to keeping abreast of changes in the law and its practice, “including the benefits and risks associated with relevant technology”
![Page 12: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/12.jpg)
12 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 1.6(e): Confidentiality -- “A
lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
Professional Responsibility
![Page 13: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/13.jpg)
13 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 1.6(e): COMMENT [18]: . . .
The unauthorized access to, or the unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (e) if the lawyer has made
Professional Responsibility
![Page 14: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/14.jpg)
14 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 1.6(e): COMMENT [18]: . . . . (Continued) “reasonable efforts to prevent
the access or disclosure . . . “
Professional Responsibility
![Page 15: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/15.jpg)
15 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 1.6(e): COMMENT [18]: . . . . Factors regarding what constitute
“reasonable efforts” include: • How sensitive is the
information
Professional Responsibility
![Page 16: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/16.jpg)
16 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 1.6(e): COMMENT [18]: . . . . • Likelihood of disclosure if
additional safeguards not employed
• Cost of employing additional safeguards
Professional Responsibility
![Page 17: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/17.jpg)
17 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 1.6(e): COMMENT [18]: . . . . • Difficulty of implementing
the safeguards and adverse effect on lawyer’s practice
• Client’s instructions; waiver • State or federal requirements
Professional Responsibility
![Page 18: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/18.jpg)
18 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 4.4 (b): Inadvertent Disclosure • (b) A lawyer who receives a
document or electronically stored information relating to the representation of the lawyer’s client and knows that the
Professional Responsibility
![Page 19: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/19.jpg)
19 www.SchumannLaw.com
Illinois Supreme Court Rules: • Rule 4.4 (b): Inadvertent Disclosure • . . . document or electronically
stored information was inadvertently sent shall promptly notify the sender.
Professional Responsibility
![Page 20: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/20.jpg)
20 www.SchumannLaw.com
Illinois Supreme Court Rules: • “Inadvertently sent”? • COMMENT [2]: “A document
or electronically stored information is accidentally transmitted, such as when an email or letter is
Professional Responsibility
![Page 21: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/21.jpg)
21 www.SchumannLaw.com
Illinois Supreme Court Rules: • “Inadvertently sent”? • COMMENT [2]: . . .
“misaddressed or a document or electronically stored information is accidentally included with information
Professional Responsibility
![Page 22: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/22.jpg)
22 www.SchumannLaw.com
Illinois Supreme Court Rules: • “Inadvertently sent”? • COMMENT [2]: . . .
that was intentionally transmitted.”
• Includes embedded data
(metadata)
Professional Responsibility
![Page 23: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/23.jpg)
23 www.SchumannLaw.com
ISBA Professional Conduct Advisory Opinion 16-06: Use of Cloud-Based Services •Reasonable Measures •Confidentiality •Protect from Breaches
Professional Responsibility
![Page 24: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/24.jpg)
24 www.SchumannLaw.com
ISBA Professional Conduct Advisory Opinion 16-06: •Selecting a Provider •Duty to Assess Risks •Review Existing Practices
Professional Responsibility
![Page 25: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/25.jpg)
Background: “When, not if” …
25 www.SchumannLaw.com
Homeland Security and NSA Position – 2016: Top threats worldwide:
1. Cyber Attacks 2. Terrorism 3. WMDs
![Page 26: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/26.jpg)
26 www.SchumannLaw.com
Wells Fargo – March, 2013: Online banking jammed; logins blocked
Target – January 2014: Hackers stole credit card data - 40 million customers; personal information - 70 million customers
Home Depot – September 2014: Cyber attack - 56 million credit card numbers exposed; $62 million
Background: “When, not if” …
![Page 27: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/27.jpg)
27 www.SchumannLaw.com
JP Morgan Chase – October 2014: Breach affects about 76 million households and 7 million small businesses
Yahoo: 2014 Cyber attack hacks more than a billion accounts
Background: “When, not if” …
![Page 28: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/28.jpg)
28 www.SchumannLaw.com
Background: “When, not if” …
![Page 29: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/29.jpg)
29 www.SchumannLaw.com
DNC Cyber attack exposes weaknesses of DNC systems. Forensic Evidence of Russian involvement: 1. Timing of attacks on DNC correspond to Russian time zone, holidays. 2. One obvious digital fingerprint 3. Another batch of hacked Democratic emails released later pointed to known Russian actors. 4. U. S. formally accused Russia of hacking to try to affect outcome of U.S. Election.
Background: “When, not if” …
![Page 30: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/30.jpg)
30 www.SchumannLaw.com
DNC Cyber attack
Background: “When, not if” …
![Page 31: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/31.jpg)
31 www.SchumannLaw.com
DNC Cyber attack
Background: “When, not if” …
![Page 32: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/32.jpg)
32 www.SchumannLaw.com
Other Political Hacks • French 2017 Presidential Election -- ”Massive Hack”
Background: “When, not if” …
![Page 33: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/33.jpg)
33 www.SchumannLaw.com
Targets of Business Email Compromise
![Page 34: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/34.jpg)
34 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 Data Breach Investigations Report (DBIR): •Malware grew by 50% in 2016 •Will Continue to Increase Rapidly – not going away
![Page 35: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/35.jpg)
35 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: •Malware now being used to
infect and control devices on the Internet of Things
![Page 36: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/36.jpg)
36 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: •Ransomware has Jumped from the
22nd Most Common Malware Method
in 2014 to the 5th most common specific malware variety -- a 50% increase over 2016
![Page 37: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/37.jpg)
37 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: Including Traffic controls,
And Other Devices
![Page 38: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/38.jpg)
38 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: Last year, Verizon labeled ransomware as a high-frequency, low-impact annoyance.
![Page 39: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/39.jpg)
39 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR:
Ransomware has upped its game.
![Page 40: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/40.jpg)
40 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: Now a $1 billion industry
![Page 41: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/41.jpg)
41 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: •More than 100,000 infections per day
•An as-a-service model to rival its legitimate counterparts.
![Page 42: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/42.jpg)
42 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: •Ransomware is now a board-room discussion, causing major productivity outages and data loss.
![Page 43: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/43.jpg)
43 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: •81% of hacking-related breaches involved weak or stolen credentials -- an 18% increase from last year.
![Page 44: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/44.jpg)
44 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR: •nomoreransom.org •Has some tools to help prevent ransomware •No foolproof inoculation
![Page 45: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/45.jpg)
45 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR Recommendations: •Use Two-Factor Authentication •Stay Vigilant •Other steps . . .
![Page 46: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/46.jpg)
46 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
Verizon 2017 DBIR:
![Page 47: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/47.jpg)
47 www.SchumannLaw.com
Targets of Business Email Compromise – 2017 Update
ALTA TitleNews Warning:
![Page 48: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/48.jpg)
48 www.SchumannLaw.com
Fraudulent Wire Transfers
![Page 49: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/49.jpg)
49 www.SchumannLaw.com
Business Email Compromise
![Page 50: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/50.jpg)
50 www.SchumannLaw.com
Keylogging Malware - Business Email Compromise
![Page 51: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/51.jpg)
51 www.SchumannLaw.com
FBI, TRID and Best Practices
File a Complaint
![Page 52: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/52.jpg)
52 www.SchumannLaw.com
IC3 Complaint
![Page 53: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/53.jpg)
53 www.SchumannLaw.com
FTC – Help for Small Business
https://www.ftc.gov/SmallBusiness
![Page 54: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/54.jpg)
Internet of Things (IoT)
54 www.SchumannLaw.com
![Page 55: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/55.jpg)
Internet of Things (IoT)
55 www.SchumannLaw.com
Devices: • Webcams • DVRs • Connected Alarm Systems • Connected Refrigerators • Connected Toasters
![Page 56: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/56.jpg)
Internet of Things (IoT)
56 www.SchumannLaw.com
Devices: •Sprinkler systems •Doorbell/cameras to talk to
person at the door • Connected Virtual Assistants
• Apple Home app – IOS 10 • Pretty much any connected device with an IP
address
![Page 57: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/57.jpg)
57 www.SchumannLaw.com
DDoS Attacks:
•History •Dyn Managed DNS
Background: “When, not if” …
![Page 58: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/58.jpg)
IoHT - Internet of Hackable Things
58 www.SchumannLaw.com
![Page 59: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/59.jpg)
Internet of Things (IoT)
59 www.SchumannLaw.com
Cars: Some new vehicles, now connected to the internet, have become as hackable as laptops.
![Page 60: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/60.jpg)
Internet of Things (IoT)
60 www.SchumannLaw.com
Homeland Security: •One major cyberattack — the NSA chief has said it’s a matter of “when, not if” — could cost $50 billion and cause 2,500 fatalities.
![Page 61: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/61.jpg)
Ransomware
61 www.SchumannLaw.com
![Page 62: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/62.jpg)
Internet of Things (IoT)
62 www.SchumannLaw.com
Amazon Echo device: •“Wakes up” with a word . . . •Sort of a ”Siri” for the home
![Page 63: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/63.jpg)
Best Practices
63 www.SchumannLaw.com
• ALTA Best Practices: • Compliance Required?
• Written Policies • Handling Non-Public Personal
Information • Computer and Network Security
![Page 64: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/64.jpg)
Best Practices
64 www.SchumannLaw.com
• Best Practices issues: • Compromising Client
Confidential information • Careless transmission of
Wire Instructions – Significant Losses
![Page 65: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/65.jpg)
Best Practices
65 www.SchumannLaw.com
• Best Practices issue: • Inadequate monitoring of
paralegals and other law firm staff
![Page 66: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/66.jpg)
Best Practices
66 www.SchumannLaw.com
• Best Practices issues: • Lack of attention to
preventing infection of computer systems with malware, key-stroke analysis software, or ransomware
![Page 67: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/67.jpg)
Best Practices
67 www.SchumannLaw.com
• Best Practices: • Written Policies – Templates are
available: • Disaster Management Plan • Confidentiality Agreements • Background Checks • Oversight of Service Providers
![Page 68: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/68.jpg)
Cyber Security
68 www.SchumannLaw.com
•Beware Unexpected Funds from Unusual Sources
• Cashier’s Checks from outside U.S.
![Page 69: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/69.jpg)
Cyber Security
69 www.SchumannLaw.com
![Page 70: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/70.jpg)
Cyber Security
70 www.SchumannLaw.com
![Page 71: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/71.jpg)
Cyber Security Basics
71 www.SchumannLaw.com
• Minimize Your “Digital Footprint”
• Use Separate systems • Keep critical business
and client data separate and secure
![Page 72: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/72.jpg)
Cybersecurity
72 www.SchumannLaw.com
•BEFORE an attack: • Mission critical data • Risk management practices • Action Plan • Scheduled Exercises
![Page 73: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/73.jpg)
Cybersecurity
73 www.SchumannLaw.com
•BEFORE an attack: • Update Plan to reflect
changes in personnel and structure
• Implement appropriate technology and services
![Page 74: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/74.jpg)
Cybersecurity: Test Scenarios
74 www.SchumannLaw.com
•BEFORE an attack: • Run “WarGames” tests
and evaluate results
![Page 75: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/75.jpg)
75 www.SchumannLaw.com
•BEFORE an attack: • Evaluate and modify firm
policies in light of Incident Response plan
• Establish relationships with Law Enforcement
Cyber Security
![Page 76: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/76.jpg)
76 www.SchumannLaw.com
Illinois Data Breach Notification Requirements:
• (815 ILCS 530/10)
Sec. 10. Notice of breach.
Professional Responsibility
![Page 77: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/77.jpg)
Cybersecurity
77 www.SchumannLaw.com
•AFTER an attack: • Assess scope and nature of
the attack • Comply with Data Breach
Notification Requirements • Malicious vs. Tech glitch?
![Page 78: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/78.jpg)
Cybersecurity
78 www.SchumannLaw.com
•AFTER an attack: • Implement measures to
minimize damages • Collect information • Continue to monitor
network
![Page 79: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/79.jpg)
Cybersecurity
79 www.SchumannLaw.com
•AFTER an attack: • Do Post-Incident review • Make appropriate
corrections
![Page 80: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/80.jpg)
Cybersecurity
80 www.SchumannLaw.com
•ALSO: • Avoid using the
compromised system until certified ok
• Check status of other systems
![Page 81: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/81.jpg)
Cybersecurity
81 www.SchumannLaw.com
•ALSO: • Fraud, Cybercrime or a
Breach can target data, contracts, Loan documents, Loan Applications, any form of money, and NPI
![Page 82: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/82.jpg)
Cybersecurity UPDATE
82 www.SchumannLaw.com
•May, 2017: • Google Docs
phishing attack • Google Docs
service • “The Future of
Phishing”?
![Page 83: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/83.jpg)
83 www.SchumannLaw.com
TODAY: What's ONE Thing
You Can Do?
![Page 84: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/84.jpg)
Cybersecurity
84 www.SchumannLaw.com
Tips: FBI Cybersecurity Month Suggestions 1.Use complex, changing passwords 2.Consider using a Password manager, (e.g., 1Password or LastPass or Dashlane) 3.Protect Yourself with Two-Factor Authentication -- many e-mail service providers, social media platforms, cloud based storage solutions, and even banking and finance sites provide this service [But not Constant Contact]
![Page 85: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/85.jpg)
85 www.SchumannLaw.com
2FA/MFA
Cyber Security
![Page 86: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/86.jpg)
86 www.SchumannLaw.com
A More Basic Option: Secure Key •Meets Highest Security Standards of U.S. Government
•Unlocked using its own keypad and not the PC keyboard •Not vulnerable to software/hardware based key-loggers or
brute force attacks. •Data further protected with a “Brute Force Hack Defense
Mechanism”, which deletes the encryption key if the incorrect PIN is entered a total of 10 consecutive times.
![Page 87: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/87.jpg)
87 www.SchumannLaw.com
Apricorn Aegis Secure Key 120 GB FIPS 140-2
Level 3 Validated 256-bit Encryption USB 3.0 Flash
Drive (ASK3-120GB)
![Page 88: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/88.jpg)
Cybersecurity
88 www.SchumannLaw.com
Tips: 4. FBI Cybersecurity Suggestion: “Defense in Depth for the Everyday User” Implement multiple layers of security 5. Protect mobile devices from cyber intruders in public places. (Avoid “sniffers”.) Use a Virtual Private Network (VPN) (E.g, “HideMyA**”)
![Page 89: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/89.jpg)
Cybersecurity
89 www.SchumannLaw.com
Tips: 6.Use Out-of-Band Backup: 7.Back up your data to a cloud environment 8. Or store hard copies of data at a different physical location Avoid using just a single External Hard Drive connected to your computer. -Cyber criminals can encrypt attached EHD
![Page 90: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/90.jpg)
Cybersecurity
90 www.SchumannLaw.com
Tips:
9. Encrypt email communications. 10. Use electronic banking and safeguard your account numbers and bank routing numbers. Monitor all bank accounts carefully.
![Page 91: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/91.jpg)
Cybersecurity
91 www.SchumannLaw.com
Tips: 11. Ban social media from your computers 12. Update Operating System regularly 13. Install and keep up to date appropriate anti-virus and anti-malware software. Update and use daily. 14. Security Questions – think differently
![Page 92: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/92.jpg)
Cybersecurity
92 www.SchumannLaw.com
Tips: 15. Set Folder Options View settings so you can see file extensions on all files
![Page 93: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/93.jpg)
Cybersecurity
93 www.SchumannLaw.com
![Page 94: Attorney Obligations for Safekeeping Client Information · Cyber Security . Threats . 8 . The American Lawyer: Class action attorney Jay Edelson claims, in first public data security](https://reader035.vdocuments.net/reader035/viewer/2022062402/5fc9055f14ef0f43a247ed62/html5/thumbnails/94.jpg)
Attorney Obligations for Safekeeping Client Information ATG LEGAL EDUCATION
Speaker1 Company1
City1
Audio problems? Listen by phone: 877.691.9300 Access Code: 7521231#
Speaker2 Company2
City2
Speaker3 Company3
City3
Speaker4 Company4
City4
Please complete the Survey/Certification for CLE credit. – When you close this meeting, a new page will open on the ATG Legal Education login screen in about 5-10
seconds. Sign in and select Survey” as shown below. It takes three days to post the certificate.
If you are not redirected, access ATG Legal Education from your seminar email. Complete the Certification/Survey.
Select “Attendance Records” at left to view and print your certificate.
Thank you for attending today’s seminar.