MT>3
  • Home
  • About
  • People
  • Services
    • e-Discovery
    • Managed Review
    • Information Governance
    • Due Diligence
  • Blog
  • News
  • Contact

Cybersecurity - Top of Mind for Canadians

26/10/2016

 
​At the annual eDiscovery Institute conference yesterday, Susan Wortzman spoke about eDiscovery and Information Governance issues in the news. The panel also featured Iris Fischer from Blakes and John Ratchford of Navigator Ltd. Mr. Ratchford mentioned a survey his firm conducted last year that asked Canadians about how well they believed their personal information was being protected by retailers, financial institutions, technology providers and government agencies. The findings were interesting.
 
Almost three-quarters of those asked were not only aware of recent cyber-attacks, but could name specific North American retailers and Canadian government agencies that had been subjected to a data breach. The fact that specific data breaches were recalled shows that cybersecurity is of major concern to the general public.
 
Retailers were clearly held accountable by consumers, In the case of stolen credit cards, for instance, while most people conceded that the criminal hackers were primarily responsible for the breaches, 65% also assigned blame to the retailers rather than the banks, payment systems or credit card issuers whose technology was actually compromised.
 
Although survey respondents are concerned about organizations that hold their more detailed private information, such as government agencies and banks, the vast majority of them were confident that these organizations had sufficient security processes in place to safeguard the data.
 
Almost two-thirds of the people said that the government should impose much stricter rules around the security of personal and customer information held by others. They also want immediate public disclosure of any compromising of their data.
 
Protecting data is certainly important. However, as we have often said, walls can and will be breached. When this occurs, having an information governance and cybersecurity response plan in place will address the immediate demand from the public for disclosure and remediation, and may even keep your organization out of the headlines.

Your Username and Password Were Stolen.          Now What?

20/10/2016

 
​Far too many people are cavalier about password security.  Perhaps knowing what cyber-thieves do once they have your password will encourage better practices.  Fortunately, as reported on the BBC News website, two computer scientists from the University College in London, England recently released the findings of a study on this very topic.
 
The duo created 100 fake Gmail accounts and then “accidentally” shared their credentials on forums and sites that nefarious data traders are known to frequent.
 
What they found was that there are three main types of data thieves:
 
  • Those looking to exploit the user’s information for financial gain checked that the credentials were valid, and then appeared to sit back and monitor the email traffic, presumably looking for something lucrative to steal, such as emails to and from banks and other online services. After a while, if nothing interesting appeared in a mailbox, the hackers moved on. 
  • Spammers would check that the accounts are for real people, and would then use them to send out thousands or millions of spam emails from the user, on the assumption that the user’s email address had not been blacklisted (yet).
  • Malicious hackers would use the address list of the account holders to send malware, relying on the social engineering aspect that a person is more likely to open an attachment in an email from someone they know.
 
Password theft is increasing.  Yahoo, MySpace, Twitter, LinkedIn, Dropbox and Tumblr have at least two things in common. They are all widely used social networking sites (well, maybe not MySpace anymore), and they have all had their user accounts stolen in the past couple of years. Yahoo has the dubious honour of having the most user accounts stolen – over 500 million were acquired by thieves in 2014.
 
If you have a user account on any of these sites, you ought to change your password. In fact, changing your password for any user account, on a regular basis, is a good habit to pick up. Not only will you protect yourself, you will help to protect all of your contacts from becoming victims as well. 
 
Information security should be at the top of everyone’s list of Internet habits. The better protected you are, the less likely you are to be the victim, and tool, of a data thief.

Is Your Law Firm Cybersecure?

18/10/2016

 
​Six-and-a-half months ago, the news broke that almost 50 BigLaw firms in the U.S. were targeted by Russian hackers. From what could be determined, the hackers did not succeed in obtaining anything useful. Nevertheless, it seemed to rattle the legal industry at the time.
 
Yesterday, ALM, an information and intelligence company, released their second annual Law Firm Cybersecurity Report. The paper, available for purchase from ALM’s site at http://at.alm.com/almintelligence-cybersecurity, contains information derived from interviews with law firm leaders over the past year.
 
So, have law firms taken the hack attempt last March to heart? Sort of.  Although most law firms claim to be more confident than last year that they are able to withstand a cyberattack, very few have implemented well defined protocols that would provide appropriate responses to data breaches, and less than 50% of those who have protocols in place do not regularly conduct “fire drills” to test if the systems actually work.
 
The report cited that more than 70% of law firm clients have exerted pressure on the firms to increase internal data security. While this is certainly a strong incentive to implement better cybersecurity, lawyers need to get out of the mindset where they believe that no one is going to come after them. According to speakers at the 2016 ABA Techshow, “80% percent of law firms have already been hacked, and the other 20 percent are either lying to or don’t know that they have been hacked”.
 
It’s not a matter of if, but when, the hack will occur. Time to be serious about law firm cybersecurity.
<<Previous

    Categories

    All
    Artificial Intelligence
    Blockchain
    Cyber Security
    E Discovery
    Information Governance
    Legaltech
    Privacy
    Social Media
    Technology


    Archives

    February 2021
    November 2020
    October 2020
    July 2020
    June 2020
    April 2020
    March 2020
    February 2020
    January 2020
    November 2019
    October 2019
    September 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    May 2018
    April 2018
    March 2018
    September 2017
    August 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    October 2012
    September 2012
    August 2012
    July 2012
    June 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    August 2011
    June 2011
    April 2011
    March 2011
    February 2011
    January 2011
    December 2010
    November 2010
    October 2010
    September 2010
    August 2010
    July 2010
    June 2010
    May 2010
    March 2010
    February 2010
    January 2010
    October 2009
    September 2009
    August 2009
    December 2008
    March 2008
    November 2007
    October 2007

130 Adelaide Street West Suite 2020
Toronto, Ontario M5H 3P5
​ ​
t: 416-642-2220  
tf: 1-877-642-2220  
f: 416-868-0673
Contact MT>3
@MT>3 2018. All Rights Reserved
Picture

Privacy Policy and Terms of Use

  • Home
  • About
  • People
  • Services
    • e-Discovery
    • Managed Review
    • Information Governance
    • Due Diligence
  • Blog
  • News
  • Contact