Law Times

Page 10 December 7, 2015 • Law Times www.lawtimesnews.com FOCUS Defending your law firm from cyber invasions BY YAMRI TADDESE Law Times fter a year that saw high-profile cyber at- tacks and data breaches in the headlines, e- discovery experts are being told good information governance has everything to do with protecting data. Speaking at the Ontario Bar Association's 2015 e-Discovery Institute conference, Susan Wortzman, founder of e-discov- ery company Wortzmans, said cyber security statistics are "stag- gering." Wortzman cited a PwC Global State of Information Security sur- vey that found cyber attacks have increased by 48 per cent since 2013. Another survey showed that 60 per cent of cyber attacks target small- and medium-sized businesses and 80 per cent of large organizations were targeted with phishing attacks, Wortzman said. "With those kinds of statistics, what we know is that if your orga- nization has not been breached... it probably will," she said. "It's im- possible to have it covered because there's so much going on." Kevvie Fowler, partner of advi- sory services at KPMG, also said breaches are "inevitable." "What you can do is mini- mize the amount of times you're breached. You can do a better job of detecting the breach and effec- tively recover from the breach," he said. "It's about putting your orga- nization in a defensible position. That way you can stand up after the breach and say, 'We imple- mented proper due diligence to actually protect the information, we detected the breach quickly, and we were able to effectively re- cover.'" One of the best ways to reduce cyber security risk is through good information management, according to Wortzman. "If you manage your informa- tion better, if you know where it is, and how it is stored...you're going to reduce the risk significantly," Wortzman said. After major attacks, it's be- come clear that some of the tar- geted companies should not have had the compromised data in their possession to begin with, she said. Credit card information, ad- dresses, and phone numbers that were compromised in the breach should have long been deleted from company records, Wortz- man added. "If the organization had been managing its information prop- erly and had good information management strategy, it would have disposed of all of that infor- mation," she continued. Purging outdated informa- tion not only protects data but it means significantly fewer cleanup costs after a breach, Wortzman said. She noted that, in 2014, the average cost of a breach was $250 per compromised record or about $5.32 million per incident. Can- ada ranks third highest for per capita cost of data breach, closely following the U.S. and Germany, she added. Good information manage- ment also means companies know their information well, and can easily figure out which data is critical or considered "crown jew- els" of the organization, according to Wortzman. Experts helping companies with data management should identify the most important piece of information the client has, she said. "Maybe it's their customer in- formation, but maybe it's formula, maybe it's data, maybe they're a manufacturer and it's a product," Wortzman said. "Whatever it is, identify it, silo it, and protect it differently, protect it separately." "Sometimes, like in the Ash- ley Madison case, [hackers] are after embarrassment, but most of the time, they're after the crown jewels because they're trying to make money through the breach," Wortzman said. The added bonus of good in- formation governance means that if companies get hit with litigation and must do an e-discovery exer- cise, it becomes much easier and cheaper for them to meet those obligations, Wortzman said. Fowler said law firms are good targets for cyber attacks because they carry a lot of sensitive data, including acquisition-related in- formation, patents, privileged ma- terials, and user names and pass- words for client company portals. And yet, law firms are often seen as "the weak link" when it comes to protecting information, Fowler said, adding their clients are starting to press them on how they're keeping data safe. "We're seeing a lot of large enti- ties, specifically large banks, tar- geting their law firms to identify what processes, what systems they have in place to protect the infor- mation in their care," he said. When it comes to implement- ing cybersecurity policies, law firms should focus on "the human factor," Fowler said. "It takes one user to circumvent all the technol- ogy and all the process that a law firm might have in place." Law firms have a tendency to rely on their rigorous background checks to weed out unsavoury employees who may assist outsid- ers in carrying out cyber attacks, said Fowler, but that's a false sense of safety. "The way cybercrime is mov- ing now, they're actually not try- ing to get malicious individuals hired into organizations, they're looking to turn good employees bad," he added. Fowler told the audience hack- ers find ways to extort employees, sometimes using "shameware" technologies via webcams that capture videos used to blackmail individuals. Wortzman said part of the problem is despite the huge risks of data breach companies are not spending money on security. "The average information se- curity budget decreased by five per cent in 2014," she said. "No- body is focused on fixing the problem." LT THE MOST COMPLETE DIRECTORY OF ONTARIO LAWYERS, LAW FIRMS, JUDGES NEW EDITION Perfectbound Published December each year On subscription $80 One time purchase $83 L88804-764 Multiple copy discounts available Plus applicable taxes and shipping & handling. (prices subject to change without notice) Visit carswell.com or call 1.800.387.5164 for a 30-day no-risk evaluation With more than 1,400 pages of essential legal references, Ontario Lawyer's Phone Book is your best connection to legal services in Ontario. Subscribers can depend on the credibility, accuracy and currency of this directory year after year. More detail and a wider scope of legal contact information for Ontario than any other source: • Over 27,000 lawyers listed • Over MBXȮSNTBOEDPSQPSBUFPGȮDFTMJTUFE • 'BYBOEUFMFQIPOFOVNCFSTFNBJMBEESFTTFTPGȮDFMPDBUJPOTBOEQPTUBMDPEFT Includes lists of: • Federal and provincial judges • Federal courts, including a section for federal government departments, boards and commissions • Ontario courts and services, including a section for provincial government ministries, boards and commissions • Small claims courts • The Institute of Law Clerks of Ontario • Miscellaneous services for lawyers ORDER YOUR COPY TODAY! Untitled-1.indd 1 2015-10-29 11:51 AM A Fighting cybersecurity breaches is 'about putting your organization in a defensible position,' says KPMG's Kevvie Fowler. Photo: Yamri Taddese Whether the issue is competing claims to maritime resources, navigational freedoms, or coastal waters jurisdiction, you'll find the most up-to-date information explained in a geopolitical context in International Law of the Sea. For the first time, all types of States are compared and discussed in one place - land-locked, geographically disadvantaged, transit, archipelagic, coastal, and island States. This comprehensive work provides you with: • Detailed and expert analysis of all key principles and legal concepts relating to international maritime boundaries, the use and access to international waters, and the resources therein • A thorough overview of the mechanisms available to settle maritime disputes • Case law with references to all necessary international treaties, conventions and International Court decisions on the topic over the last 300 plus years Detailed maps and tables illustrate complex and particular boundary issues and claims throughout the world. New Publication International Law of the Sea Georges Labrecque Available risk-free for 30 days Order online: www.carswell.com Call Toll-Free: 1-800-387-5164 In Toronto: 416-609-3800 Order # 986706-65203 $305 Hardcover 620 pages October 2015 978-0-7798-6706-6 Shipping and handling are extra. Price(s) subject to change without notice and subject to applicable taxes. 00233EV-A51319 Get fully briefed on current international law of the sea

• Cover