1 The Firm s Digital Assets: How to Identify & Protect Them Jason L. Turner May 2, 2013
2 Learning Objectives Through today s seminar, we will: (1) Learn what a digital asset is; (2) Explore how technology and our ethical obligations cross paths in the digital age; and (3) Learn some safeguards to implement within the Firm to reduce cyber-attacks and security breaches
3 What is a Digital Asset? Computer files Word documents, PDFs, Excel Website PayPal Social Media sites LinkedIn, Facebook, Twitter Ultimately, a digital asset is anything you electronically store, whether it be on your computer, phone, tablet or via the server (old school or cloud).
4 Keeping Digital Assets Secure Cyber-Attacks are on the rise Complaints in excess of 300k/year CA, FL & TX ranked #1, #2 & #3 in Verizon Business Study Studied 90 breaches 285 million data records exposed 9 exposures per second End user mistake = most breaches Twitter & Facebook = most attacked websites
5 Passwords Anonymous attack on Yahoo Analysis on 440k Yahoo passwords: 22% were not unique (i.e., used by more than one person) Password, , Jesus, welcome, love, money, freedom
6 Hacking / Cyber-attacks Puckett & Faraj, PC (Virginia firm) Military law firm (defended US Marine in Haditha killings) February 2012 hacking by Anonymous Released numerous electronic files, including employee s, cell phone records, etc. Replaced firm s website home page with a hip-hop video
7 Hacking / Cyber-attacks, cont d. Anonymous strikes again! Jan. 28, 2013 US Sentencing Commission website Protesting the prosecution of Aaron Swartz (committed suicide while awaiting trial) Replaced site with video criticizing prosecution Hacked again after site restored Uploaded code that could change site into the Asteroids video game Distributed encrypted files named after US Supreme Court Justices
8 Where are Digital Assets Kept? Computers (PCs and laptops) Tablets (ipads) Internal Servers External/Cloud Servers Mobile Phones It is crucial to have a security-aware culture to make reasonable attempts to prevent breaches.
10 Security-Aware Culture cont d. Information Technology (IT Dept.) Security team can assist in assessing data and creating a risk assessment plan Insurance coverage (not for ethical violations!) The primary motivation for hacking is revenge/disgruntled employees.
11 Ethics & Digital Assets Model Rule 1.6(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by paragraph (b)* *[criminal acts, bodily harm, etc.]
12 Ethics & Digital Assets Model Rule 1.6(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.
13 Maintaining Sensitive Information Safeguard your sensitive info by: (1) Knowing what you have; (2) Keeping only what is necessary; (3) Protecting what is retained; (4) Properly destroying what is not needed; and (5) Developing a response plan in the event of a security breach Segregate high-risk assets and implement additional measures to maintain security of the assets.
14 Major Areas of Exposure Computer Servers (internal v. the Cloud) Smartphones/Mobile Devices Websites/Social Media
15 Servers vs. The Cloud
16 2012 Global Cloud Survey Report Legal IT Professionals
17 The Cloud: Efficient, Affordable & Accessible Alternative to internal server rooms Drop Box, Microsoft, Google, Amazon End user accesses files via web or desktop application Copies are synched instantaneously Can be stored locally Accessible 24/7 from anywhere and via virtually any device
18 The Cloud, cont d. Significant cost savings vs. traditional server Tens of thousands of dollars annually vs. nominal annual fees Staff of 10 = $1, annually (based on Drop Box) Convenience / Accessibility No cost of maintenance, office space or software While there are many benefits to Cloud servers, be aware of and manage the many risks.
19 Choosing a Cloud Provider (1) Reputation Short business history First established in mid 2000s Google search for reviews from users Review news stories for breaches
20 Choosing a Cloud Provider, cont d. (2) Security Who owns the data? Closely review Terms of Service re: third party outsourcing How secure is the transfer of data from user to cloud? What happens in the event of a crisis, disaster or outage? What happens if a device (i.e., laptop) is lost?
21 Choosing a Cloud Provider, cont d. (3) Privacy Be aware of different laws in different countries Currently no blanket law in the U.S., unlike the E.U.
22 % of Attorneys Using Digital Case Management Systems 100% 80% 60% 40% 20% 0% 0-3 years 4-10 years 10+ years 2011 Small Law Firm Technology Report calawyer/pdf/small_law_survey.pdf
23 Smartphones/Mobile Devices Smartphone Usage Among Lawyers 90% 85% 80% 75% 70% ABA Legal Technology Resource Center
24 Uses for Mobile Devices (over 90%) Calendar & Contacts Internet access Telephone conversation Text messaging In 2011, 33% of respondents indicated use of an ipad/tablet (more than 2x in 2010)
25 Safeguarding Mobile Devices SHOCKING STATISTIC: **Only 65% of respondents indicated actively using a password on their mobile device! In 2011, $30 BILLION worth of cell phones were lost in the U.S. Symantec study of purposefully lost phones: 96% were accessed by the finders 83% were accessed for corporate-related apps/info
26 Safeguarding, cont d. What do you have on your phone (or ipad)? Client s Text messages Client contact information Financial information Case information/notes Passwords Remember our ethical obligation to make reasonable efforts to prevent disclosure of or unauthorized access to client information.
27 Don t Get Scared! Two options for firms re: mobile device policy: (1) Block mobile devices from installing synchronization programs or accessing corporate servers (not recommended!) (2) Implement a balanced mix of policies and tech enforcement to maintain secure data
28 Ways to Protect Mobile Devices PASSWORDS! Basic password to lock device (and auto-locking) Unique passwords for certain files/folders No remember me for apps! Anti-virus protection (Norton, McAfee, etc.) Encryption (i.e., Wickr) Military grade encryption for text, photo, audio and video messages and it is FREE!
29 Ways to Protect cont d. Remote wiping / Find my iphone Lock individual applications Use common sense and a password, at a minimum!
30 Social Networking
31 Social Media/Internet Usage Policy Tips/Guidelines Ban sites or functionality, if necessary Educate users Open up, but keep control Protect users identity Stay informed
32 What We Learned We now know: (1) What a digital asset is; (2) That we have ethical obligations that need to be monitored when using digital devices; and (3) How we can minimize our risks when affording ourselves the benefits of using mobile devices and cloud services
33 End of Session Thank you for attending the session today. Please take the time to conduct the Conference Evaluation that you will receive via .
34 The Firm s Digital Assets: How to Identify & Protect Them 1 Jason L. Turner Keller Turner Ruth Andrews Ghanem & Heller, PLLC th Avenue South, Suite 302 Nashville, TN (615) Mr. Turner has extensive experience in intellectual property, copyright and trademark law. Mr. Turner represents record companies, entertainment industry executives, music publishers, songwriters, professional athletes and sports franchises in various corporate, copyright and trademark matters. Mr. Turner s practice focuses on the representation of clients in the negotiation of various entertainment contracts, protection of intellectual property rights for entertainers and professional sports entities, and representation in federal copyright and trademark infringement litigation, which recently resulted in a landmark ruling in favor of the heirs of the author of I ll Fly Away in a federal court copyright termination case. He has served as an adjunct professor at Belmont University s Curb College of Entertainment & Music Business and currently serves as Adjunct Professor of Entertainment Law at Stetson University College of Law in St. Petersburg, FL.
35 Identifying & Protecting the Firm s Digital Assets In the current age of digital media, a global workplace, and the server-less or cloud office, a law firm has many digital assets. Every day, multiple new assets are created. Is your firm taking the necessary steps to protect those assets? What processes are in place to ensure that the firm abides by its ethical obligations to protect confidential client information? What is a Digital Asset? Digital assets include online accounts and computer files 2 that are created during the course of a firm s practice. They include a firm s website, social media sites (i.e., Facebook, LinkedIn, etc.), s, and client files stored electronically, among many other things. There are many convenient ways to access the digital assets, yet with convenience, comes large risks for compromising security and confidentiality. With cyber-attacks on the rise, firms must take necessary, but reasonable, steps to ensure that data remains protected. Security Concerns Keeping Your Digital Assets Locked On July 12, 2012, a hacker group attacked Yahoo s service. 3 As a result of the hack, analysis was conducted on approximately 440,000 passwords on the Yahoo accounts. 4 The study revealed that over 22% of the passwords was not unique (used by more than one individual). 5 Some of the most common passwords were password, , welcome, Jesus, love, money, and freedom. 6 Just five months earlier, hacker Anonymous infiltrated the s of the Virginia law firm of Puckett and Faraj, and released several internal s and posted a message on the firm s website homepage. 7 Companies specializing in law firm technology security, such as Firmex, jumped on the story to promote its Virtual Data Room service, which is a cloud-based secure document sharing solution for law firms. 8 Early in 2013, Anonymous struck again, only this time it hacked the U.S. Sentencing Commission s website in protest of the prosecution of Aaron Swartz, the individual who 2013 NAELA Annual Conference May: 2-4 Page: 1
36 committed suicide while awaiting trial for allegedly downloading scholarly papers and making them freely accessible to the public. 9 The hackers initially replaced the site with a video criticizing the individual s prosecution, and after the site s restoration, Anonymous hacked the site again. The hackers reportedly distributed encrypted files named after Supreme Court justices in an effort to force legal reform to limit computer fraud laws used to prosecute hackers. More recently, the United States government has initiated a secret legal review of its use of cyber weapons in light of the alleged Chinese hack attack on the Wall Street Journal and New York Times. 10 In the attack, hackers succeeded in obtaining passwords and gaining access to 53 employee computers. 11 In fact, some argue that cyber weaponry is the newest and perhaps most complex arms race under way amongst the world s powerful nations. 12 Think of it this way when you leave your house in the morning to go to work, chances are, you lock the doors to your house. You do not want unwanted visitors snooping around your personal belongings while you are away. Lawyers and law firms must have that same mentality when it comes to a firm s digital assets, especially in the age of global exchange of information, accessibility through mobile devices (smartphones and ipads), and client confidentiality issues. Would you willingly leave your house unlocked in the morning knowing that someone wants access to your belongings? Issues such as information security, password protection, and an awareness of preventing cyber-attacks must be at the top of a law firm s list of priorities. Absent such, a firm risks being attacked like Puckett and Faraj, which undoubtedly will lead to loss of business, lost profits, and potential ethical violations. A. Managing Sensitive Information/ Protecting Digital Assets Law firms undoubtedly possess and maintain large amounts of confidential client information. Implementing measures to protect the integrity of that information presents a 2013 NAELA Annual Conference May: 2-4 Page: 2
37 challenge because a data security plan must balance securing and protecting the integrity of the information (i.e., the digital assets ), as well as an individual s right to privacy concerning his or her own personal information, even in the workplace. Cyber fraud and attacks are increasing more frequently than ever before. Savvy hackers can access entire bank accounts and personal information worldwide with just a few strokes of the keyboard and installation of viruses and malware. According to the Internet Crime Compliant Center (a division of the Department of Justice), 2011 was the third year in a row of cyber-crime complaints exceeding 300,000 compared to just 207,000 complaints in Interestingly, Florida ranked #2 in victim complaints. As it relates to data mining and web hacking, Verizon Business conducted a study in 2009 of 90 data breaches, which revealed that 285 million data records were exposed across the 90 breaches, which equates to nine data exposures for every second. 14 As explained by the forensics manager for Verizon Business Solutions, many of the breaches were the result of an end user mistake (i.e., a human doing something on the computer), which leads to the user s system getting hacked and/or the installation of malware to collect data from the user s system. 15 The study further revealed that the most attacked websites include Twitter and Facebook. 16 The balance between an individual s privacy rights and the need to protect the firm from an unauthorized disclosure of confidential information is a sensitive balance. By focusing on your employees and their behavior as it relates to computer usage, one can attempt to build a security-aware culture. 17 Options as simple as installing anti-virus software is a good first step, but it also requires the training of employees to be aware of phishing scams, malware popups, and potential viruses contained within unknown attachments. Educating the workforce is the next step in attempting to combat security issues and avoid putting digital assets 2013 NAELA Annual Conference May: 2-4 Page: 3
38 at risk. This includes having a security team (typically an IT individual) assist the firm with assessing data and compiling the risk assessment plan. Finally, a firm can mitigate risk by purchasing insurance coverage, though such likely will not protect lawyers from potential ethical violations, to the extent that disclosure of confidential information occurs. Keep in mind that the primary motivation for hacking seems to be disgruntlement and revenge by former employees, 18 and as such, implementation of proper data security measures is crucial. B. Law Firms and Data Security As a law firm, protecting confidential client information contained in digital files can become quite problematic when employees have free reign to surf the Internet from a work computer that stores and/or has access to such digital assets. Sensitive information must be safeguarded by maintaining a data security plan that (1) knows what sensitive information one has; (2) keeps only the sensitive information necessary; (3) protects the information that is retained; (4) properly destroys information no longer needed; and (5) develops a response plan in the event of a security breach. 19 This is consistent with a lawyer s ethical obligations pursuant to Model Rule 1.6(a) (providing that one shall not reveal client information without informed consent) and 1.6(c) (providing that one must make reasonable efforts to prevent disclosure of, or unauthorized access to, client information) (emphasis added). Law firms need to rethink how they protect confidential digital assets by identifying which assets are deemed high-risk to intrusion, segregating those assets from other less sensitive assets, and providing additional security to make efforts to maintain security of the assets. 20 While virtual data rooms (online vaults that allow one to store documents electronically in the cloud so clients can easily access those documents from anywhere in the world), smartphones and websites provide a significant convenience for access and promotion, they also provide 2013 NAELA Annual Conference May: 2-4 Page: 4
39 major security issues that must be addressed adequately to prevent a violation of ethical obligations to our clients. I. The Cloud In the mid to late 2000s, companies began introducing cloud servers as an alternative to storage rooms full of computer hard drives. Companies such as Dropbox, Microsoft, Terremark (owned by Verizon), Amazon and Google have all entered the marketplace and actively compete for business from companies and individuals. With a cloud server, the end user can access files (i.e., Word documents, PDFs, etc.) via a web browser or desktop/mobile application. Copies of the files can be stored on a local computer, but the main idea is to store the files on the cloud server at a remote location to allow the user to have access to the files any time and from anywhere. 21 With applications such as Dropbox, the files are synched between the local computer and the cloud server such that if changes are made to a document on a local computer, those changes are synched to the cloud instantaneously. Choosing a cloud company can save firms a significant amount of money since there is virtually no capital outlay, unlike with the old school server rooms, which could cost in the tens of thousands of dollars to purchase and maintain each year. With a cloud service, a firm can have all of the benefits of a server room at a fraction of the price (e.g., a Dropbox account for a team of 10 individuals costs a grand total of $1, per year). 22 However, while there are certainly some major benefits to cloud servers, (not the least of which are cost savings and convenience), there are some risks that firms should be mindful of when considering a switch to cloud-based servers. There are three main items that firms should be aware of when selecting a cloud provider: (1) the provider s reputation; (2) security; and (3) privacy issues. 23 Each of these issues requires common sense and should be well thought out ahead of time NAELA Annual Conference May: 2-4 Page: 5
40 A. Reputation. As with any business, reputation is everything. While cloud-based companies are fairly new given the fact that the idea was not released to the public until about ten years ago, certain companies undoubtedly have established great reputations such as Google, Amazon, and Dropbox, just to name a few. A simple Google search can reveal a general consensus of user reviews and news articles about virtually any existing cloud provider. B. Security. Until users become fully aware of the depth of the cloud, security and privacy in cloud computing will remain a major concern. Arguably the largest security concern is akin to the age-old ethics question of who is the client? Here, the question is who owns the data? As Tchifilionova points out, [w]ith cloud computing, consumers do not own the computing infrastructure and often it is no longer clear who owns and controls the data if the third party is further outsourcing some of its infrastructure or services, or if the real owner is not mentioned in the provider s terms of services. 24 Similar to web-based hacking, one can imagine that cyber-attacks on cloud providers might begin to increase as more and more people move to cloud services, which is why users should invest in risk assessment to ensure that the provider has adequate security controls in place. For example, Dropbox utilizes the AES-256 standard, which is the same standard utilized by banks. 25 File transfers via Dropbox also have the protection of AES 256-bit encryption, and users have the option of applying additional encryption to files prior to placing them into the Dropbox folder(s). 26 With a 256-bit encryption algorithm (as adopted by the National Institute of Standards and Technology), the encrypted file is completely unreadable without the password associated with the file/folder. 27 As with any kind of hardware, software or application these days, users must always be aware of the risks of compromising confidential information when allowing third parties access to data. Also, what happens in the event of an Internet outage, crisis/disaster? Clearly, this will 2013 NAELA Annual Conference May: 2-4 Page: 6
41 cause issues regardless of whether the outage or disaster is at the user s location or the cloud provider s location. However, if a firm still utilizes the in-house server room and the physical location incurs a disaster, the firm may completely lose everything (assuming there is no backup). Alternatively, with a cloud provider, assuming there are no Internet outages, the cloud files are theoretically always available by storing data across multiple data centers. 28 Likewise, if files are kept in the cloud as opposed to on an actual device (i.e., desktop, laptop, phone), one could legitimately argue that if devices are hacked, lost or stolen, no data can ever be lost since the files are maintained on private clouds that are highly encrypted. 29 C. Privacy. The main concern with cloud computing is how to protect data in transit, or in storage, and how to protect that same data from storage providers. Different countries have different legislation in place (or none at all) as it pertains to electronic data. For example, the United States has the Patriot Act, which allows the federal government the right to request details about one s online activities without that individual s knowledge. The European Union has been at the forefront of digital data protection laws, which sometimes are in conflict with the U.S. laws. 30 This is important because if the cloud provider moves data to a different geographical location without disclosing such to the user, a different set of laws might apply as it relates to privacy rights. 31 Absent specific legislation regarding cloud computing, it is foreseeable that these issues will go unresolved and conflicts will remain. II. Smart Phones/ Cellular Devices As more employees use their smartphones to access sensitive company data, the need for mobile security has increased dramatically over the past decade. As an employer, while it is great to know that employees are utilizing ipads, mobile phones, and other mobile devices to improve productivity, the benefit of more productivity is undermined by the potential of security 2013 NAELA Annual Conference May: 2-4 Page: 7
42 risks. One expert suggests that there are two options for companies: (1) block mobile devices from installing synchronization programs or access to corporate servers (not a realistic approach in the current digital age) or (2) implement a balanced mix of policies and technological enforcement to maintain secure data. 32 Each year, the ABA Legal Technology Resource Center conducts a survey to gauge use of technology by individuals in the legal field. Over the course of the past three years, that study revealed that 79%, 88%, and 89% (respectively) of lawyers responding to the survey indicated use of some sort of mobile device for legal work. 33 Uses include (well over 90%), calendar and contacts, Internet access, and of course, telephone conversations/text messaging. Perhaps a bit surprising is that the 2010 survey revealed that only 65% of the respondents indicated that they actively utilize a password on their mobile device. 34 This is shocking simply because a lawyer s ethical obligations are pounded into the brains of lawyers at CLEs annually. It is quite common for a cell phone to be lost or stolen ($30 billion worth of cell phones were lost by U.S. consumers in 2011), 35 and with lawyers carrying highly confidential information on mobile devices, lawyers must take the bare minimum steps to protect the accessible data on the mobile devices. In a study commissioned by Symantec (mostly known for its Norton Anti-Virus products), 96% of phones that it purposefully lost in major cities were accessed by the finders of the phones. 36 In the same study, 83% of the lost phones were accessed for corporate-related applications and information. 37 Simply put, lawyers must recognize that the Model Rules of Professional Conduct pertaining to client confidentiality are just as vital as it relates to mobile devices as they are when it comes to old fashioned paper files. In the latest survey, 33% of respondents indicated use of an ipad or similar tablet device for law-related tasks, which was more than double that of the prior year. 38 Recall that 1.6(c) requires a lawyer to make 2013 NAELA Annual Conference May: 2-4 Page: 8
43 reasonable efforts to prevent disclosure of, or unauthorized access to, client information. Allowing easy, unprotected and unfettered access to s, contacts, and perhaps confidential client information within one s contacts (i.e., social security numbers, bank information, etc.) on an unlocked phone certainly does not seem to rise to the level of reasonable efforts in this day and age. There are some pretty easy solutions to protecting mobile devices. Things such as encryption and virus protection are easily available online and/or via app stores directly through mobile devices. Also, certain phones, such as the iphone, have remote wiping that an owner can utilize in the event a phone is lost or stolen. This allows the user to go to a computer and remotely lock and/or completely wipe (delete) all of the contents off of the phone to prevent the thief from accessing confidential client data. It is also possible to lock individual applications or require unique passwords for certain files or folders on the mobile devices. Ultimately, each mobile device should, at a bare minimum, have a password lock enabled. Short of that, it is a very plausible argument that a lawyer could face ethics violations in the event of improper disclosure via mobile devices. III. Social Networking: Managing Your Brand As we are living in the age of Facebook, LinkedIn and Twitter, social media sites can and do provide great benefits to companies and can be a fantastic means of branding. However, these types of sites can be risky and problematic as well. For example, two defense lawyers in New Jersey recently found themselves in hot water with the New Jersey Bar because of a paralegal who friended the plaintiff in a personal injury case in order to access private information on the plaintiff s Facebook page. 39 According to the Office of Attorney Ethics in New Jersey, this amounted to improper contact with an adverse party in violation of the Rules of 2013 NAELA Annual Conference May: 2-4 Page: 9
44 Professional Conduct (as well as other alleged violations). Additionally, a recent case has been submitted to the Florida Supreme Court over a trial court judge having a prosecuting attorney as a Facebook friend. 40 Firms should have some sort of social network usage policy, not just for lawyers, but for all employees. One writer suggests some tips for companies when drafting such a policy: 1. Ban sites or functionality if necessary. While an outright ban is not necessarily recommended, sites that run in an encrypted form (one that does not allow web monitoring) may require blocking. 2. Educate users. It is crucial to talk to your employees about the importance of creating unique passwords (preferably alpha-numeric) and maintaining the security of such. This also includes informing employees of the necessity of maintaining client confidentiality on such sites (i.e., not disclosing confidential case facts over Facebook or Twitter), whether they be personal sites or company websites. 3. Open up but keep control. Provide the time and environment for your employees to engage in non-work related browsing by defining a policy and applying it. Perhaps there are certain times of the day when downtime is allowed (akin to a smoke break ) to foster a productive work day that doesn t include non-stop activity on social media sites, which will lead to very low productivity. Also, advise employees to use caution when accepting friends on Facebook for the very reason as noted above NAELA Annual Conference May: 2-4 Page: 10
45 4. Protect users identity. Again, with sites such as Facebook, it is important that employees keep their privacy settings set at a responsible level to avoid personal and/or business information from being available to the public. 5. Stay informed. Someone within the firm needs to reasonably monitor which applications are being accessed from within the firm network. With cyber-attacks occurring more frequently through social media sites, this could be a wide open door to an attack on the firm s digital infrastructure. 41 Conclusion As lawyers, there are many great benefits at our fingertips with the amazing technological advances that we have experienced over the past decade and will continue to enjoy in the future. From accessing case law from an ipad in court or instantaneously responding to demanding clients from a mobile phone or device, we have the ability to increase productivity (and reduce free time!). However, with these great advances in technology, we must be aware of the security risks and ethical obligations that we have to maintain the integrity of the information and prevent unauthorized disclosure of confidential client information. With a balanced approach, security concerns can be mitigated while maintaining the need for accessibility and balancing privacy concerns. 1 This paper was originally presented on October 17, 2012, at Stetson University College of Law s Special Needs Trust 2012 National Conference in St. Petersburg, FL. Updates and revisions have been made for the 2013 NAELA Annual Conference. 2 Davis, J., Lustig, N.: Digital Assets (Feb. 10, 2011), 3 Protalinski, E.: The Top 10 Passwords from the Yahoo Hack: Is Yours One of Them? (July 12, 2012), 4 Id. 5 Id NAELA Annual Conference May: 2-4 Page: 11
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
Ethical Considerations for Lawyers Using the Cloud Presentation by Peter J. Guffin, Esq. Pierce Atwood LLP email@example.com (207) 791-1199 Maine State Bar Association Summer Meeting June 22, 2012
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
Protect. Manage. Organize. Three Steps to a More Secure Digital Life As you move more of your information online, here s how you can safeguard your assets, preserve your good name, and assist your family.
Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers
POLICY NO. 3.14 September 8, 2015 TITLE: INTERNET AND EMAIL USE POLICY POLICY STATEMENT: Many of our employees have access to the internet as well as email capabilities. The County recognizes that these
Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked
WHITE PAPER: WEB PROTECTION FOR YOUR BUSINESS, CUSTOMERS............ AND.... DATA........................ Web Protection for Your Business, Customers and Data Who should read this paper For security decision
Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW
CHARLES LUCE S LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) A. Cloud Computing Defined: n. A loosely defined term for any system providing access
Open an attachment and bring down your network? Many people think this will never happen to them, but virus attacks can come from unlikely sources and can strike when you least expect it. They can wreak
Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4
Tahoe Tech Group LLC Cyber Security Briefing Truckee Donner Chamber of Commerce March 6, 2015 Tahoe Tech Group serves as your technology partner with a focus on providing cost effective and long term solutions.
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Law Firms and Cyber Security A hacker s dream and a lawyer s nightmare About Delta Risk is a global provider of strategic
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
Cyber Security Laws and Policy Implications of these Laws In an age where so many businesses and systems are reliant on computer systems, there is a large incentive for maintaining the security of their
Welcome! What We Do At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business. Historical PC Business Network
Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public
Cloud Computing TODAY S TOPICS What Cloud Computing is and How it Works Security & Privacy Issues Investigative Challenges WHAT IS CLOUD COMPUTING? Cloud computing refers to software or processes offered
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
Litigating in the Cloud - Security Issues for the Trial Practice J. Walter Sinclair Stoel Rives LLP 101 S. Capitol Blvd, Suite 1900 Boise, Idaho 83702-7705 (208) 389-9000 firstname.lastname@example.org Mr. Sinclair
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
The Hottest Topics for the Hottest Topics for Bar Leaders Toronto NCBP Meeting, August 2011 Don t Fall Down Where Technology is Concerned 6 hot tips in 18 minutes! 1. Don t give me no SAAS 2. What is that
BRING YOUR OWN DEVICE Protecting yourself when employees use their own devices for business Bring Your Own Device: The new approach to employee mobility In business today, the value put on the timeliness
Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology
Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
SURVEY REPORT: cyber security Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions Confidence in a connected world. Executive summary An online survey revealed that while U.S.
My CEO wants an ipad now what? Mobile Security for the Enterprise Agenda Introductions Emerging Mobile Trends Mobile Risk Landscape Response Framework Closing Thoughts 2 Introductions Amandeep Lamba Manager
2012 NCSA / McAfee Online Safety Survey National Cyber Security Alliance McAfee JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National Cyber Security
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
CYBER LIABILITY Network Security and Privacy Bring on tomorrow May 15, 2014 1 AGENDA I. Identify Exposures II. Identify how a breach can occur III. The Coverage (Third Party Liability + First Party Losses)
2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National
Acronis 2002-2014 BRING YOUR OWN DEVICE Introduction With over a billion smartphones and tablets at arms length, a majority of your global workforce already possesses the technology needed to better connect
Cloud Computing Security Practices for General User T he cloud is composed of an extensive bulk of computers owned by a third-party in remote location(s). The Internet provides a bridge between personal
Introduction to Dropbox Jim Miller, LCITO Office 785.296.5566 Mobile 913.484.8013 Email email@example.com Introduction to Dropbox What is it? Why use it? Mitigating the risks of using Dropbox? Dropbox
CASE STUDY Take Cover The costs of exposing or losing patient information can ruin a dental practice. Cloud-based solutions can protect your business and your patients against these threats: Unauthorized
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
Accessing files on mobile devices and sharing them with external parties presents serious security risks for companies. However, most current solutions are either too cumbersome or not secure enough for
THE 5 BIGGEST MISTAKES LAWYERS MAKE WHEN CHOOSING A CLOUD SERVICE PROVIDER ( and how to fix them ) In recent years, an increasingly large number of law firms have moved their software and data to the cloud.
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series
Use of Mobile Apps in the Workplace: PRIVACY & SECURITY ADAM D.H. GRANT AGRANT@ALPERTBARR.COM Cell Phone & Tablet Ownership 91% of American adults own a cell phone 56% have smartphones Of Americans aged
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
April 23, 2014 Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually. What is it? Electronic Protected Health Information There are 18 specific
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and
Small Business Cybersecurity Dos and Don ts September 25, 2015 Dover Downs Helping Businesses Grow and Succeed For Over 30 Years Statistics 2 Results from the Cybersecurity Readiness Survey 25% of Respondents
Security and Privacy Considerations for BYOD Carol Woodbury, President SkyView Partners, Inc 1 Introduction The world of BYOD (Bring Your Own Device) is rapidly expanding. You may not think it s happening
Small Business Backup & Recovery (File Servers, Peer-to-Peer, Laptops, Desktops) Smart Features: Continuous Backup Anywhere Access to Backed Up Data Simple Rate Plan Secure Bank Grade Encryption Open Files
Page 1 of 6 8814 Fargo Road, Suite 105 Richmond, Virginia 804.360.4490 www.seltekinc.com July 2013 Computer Forensics IT Support Security ediscovery Security Apps for your Smartphone Smart Ideas for Smartphone
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
Mobile Devices in the Workplace: What Every Employer Needs to Know Presented by: Shannon Huygens Paliotta Senior Associate, Littler Mendelson, P.C. firstname.lastname@example.org (412) 201-7631 Marcy McGovern Knowledge
Identity Theft and the Tax Practice Edward K. Zollars, CPA www.cperesources.com www.currentfederaltaxdevelopments.com New Mexico Tax Conference Today s Session Identity Theft in General Size of the Problem
Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM email@example.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
Law & Ethics, Policies & Guidelines, and Security Awareness Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of
Marlon R Clarke, Ph. D., CISSP, CISM Director Network Operations and Services, NSU 10-17-2013 Todays Discussion Overview of Computer and Internet Security What is Computer and Internet Security Who Should
Senaca Shield Presents 10 Top Tip For Small Business Cyber Security Presented by Liam O Connor www.senacashield.com firstname.lastname@example.org #Senacashield Small businesses need cyber security too. This slide
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 email@example.com Presented by: Rob D. Moseley, Jr. 2 West
User Guide FOR TOSHIBA STORAGE PLACE (This page left blank for 2-sided "book" printing.) Table of Contents Overview... 5 System Requirements... 5 Storage Place Interfaces... 5 Getting Started... 6 Using
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There