The VBA Journal is the official publication of The Virginia Bar Association.
Issue link: http://vba.epubxp.com/i/815343
28 • VBA JOURNAL CYBERSECURITY BY SHARON D. NELSON, Attorney, and JOHN W. SIMEK SECURITY AWARENESS Is Your Firm Protected? Adapted from "Security Awareness Training for Law Firm Employees," © 2016 Sensei Enterprises, Inc. T he greatest threats to your law firm's cybersecu- rity include click-happy employees and rogue workers determined to use their own devices, and go where they want to on the internet, against firm policies. Data breaches and ransomware infections regularly occur. Consider a few statistics. A study of 1,200 full-time employees in October 2015 by the Computer Technology Industry Association found that: • 63 percent used work mobile devices for personal activities • 94 percent used mobile business devices to connect to public Wi-Fi networks • 78.5 percent used public Wi-Fi to check work email, and • 60 percent used public Wi-Fi to gain access to work documents. Furthermore, 45 percent never had any cybersecurity training from employers. OK. So, that's all employers. ings are much different where lawyers are concerned, right? e Association of Corporate Counsel published e State of Cybersecurity Report in December 2015. More than 1,000 general counsels participated. Just one in three track attendance at mandatory cybersecurity training, only 19 percent give a test for comprehension, and only 17 percent hold simulated security events. DON'T BE STUPID! Ponder this. Researchers sprinkled 200 unbranded USB drives in public, at airports, coffee shops, and parks in Chicago, Cleveland, San Francisco, and Washington, D.C. This is called baiting, and people fall for the tactic all the time. In this example, 34 USB drives, or 17 percent, were picked up and used. Researchers