Our experts, Joe Riccie and Rob Kleeger, joined legal management professionals at the 2018 ALA National Conference (and will be joining again in 2019) to discuss how law firms traditionally have been spending money to secure their IT Security – from the networks to data privacy and legal issues that may be impacting the way firms deal with clients’ data and third parties, and best practices to offset the current trends.
During this session and throughout the conference, there was much buzz around technology and IT security. Many of the questions that were asked, were asked by many, and we have compiled some of the top 3 questions and guidance below.
Answer: Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack (link is external). Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7, and Windows Server 2003/2008.
While Remote Desktop is more secure than remote administration tools such as VNC that do not encrypt the entire session, any time Administrator access to a system is granted remotely there are risks.
Recently, remote desktop protocol (RDP) access to businesses is now popularly sold and bought on the Dark Web, according to the McAfee Advanced Threat research team. In a recent report, they found that organizations’ RDPs— Microsoft-developed protocols that allow users to access another computer system remotely—are being sold on the Dark Web for as little as $10.
By default, all “Administrators” can log in to Remote Desktop. If you have multiple Administrator accounts on your computer, you should limit remote access only to those accounts that need it. If Remote Desktop is not used for system administration, remove all administrative access via RDP and only allow user accounts requiring RDP service.
Answer: The Security and Compliance Center enables an organization to manage data protection and compliance, allowing those with it the ability to review threat protection status and view and act on security alerts, should there be any. The dashboard can create reports on email security and for advanced threat protection.
This dashboard can be a wealth of information on your security status. To activate the dashboard, work directly with your IT team. Is your dashboard set up properly to view the details you look to be viewing? Is the information accurate?
As such, when a user’s email account is compromised, those files are typically the concern and could trigger a data breach notification obligation, cause violations to engagement terms, ethical issues, and perhaps a malpractice claim. What recommendations do you have to avoid this from happening?
A: First and foremost, training the employees. Since often humans are the weakest link, if the users who are conducting work on behalf of a client, they should understand that having these files in an unprotected state (no password or encryption protections), that is the first issue. The second issue is having the enterprise have a centralized repository where sensitive files can be maintained and stored, have access controls, and be easily searchable. Forcing good habits for the sensitive information to no longer be maintained and stored in a user’s email will help avoid this risk. Additionally, two-factor authentication should be enabled. Have the ability to use encryption for data at rest and in motion in order to set up “reasonable” safeguards to avoid a cyber incident
IT security is not something that will be going away anytime soon. Ensuring your firm does not fall victim to data breaches and attacks is key, but you’re likely spending money in the wrong areas of IT security. Hackers today know that law firms traditionally do not strongly secure all of their systems.
The first step to improving the security posture of your organization is to find a trusted cybersecurity advisor who can guide you through the process. By working with a cybersecurity partner like Withum, you gain access to experienced specialists equipped to perform both vulnerability scans and penetration tests. We work with internal teams to help them to understand exactly how the scans contribute to risk mitigation and work with them to identify tools to adhere to industry and organizational compliance requirements. Hope to see you at the 2019 ALA Conference!
Withum’s Cyber and Information Security team has the expertise and experience to ensure your networks are protected. Fill in the form below to schedule your cybersecurity consultation today.