In House - The FindLaw Corporate Counsel Blog

Is Your Work Data Secure? Tips from IBM's Security Officer

Shamlaw Naidoo, chief information security officer for IBM, says that personal behavior is the first line of defense against cyberattacks.

"As consumers, we make the difference," she told an audience at a recent American Bar Association Techshow. "The world we live in is changing. Give yourself the benefit of taking all the steps you can."

Naidoo offered her remarks in the presentation, "Beyond Encryption: Protecting Your Assets Everywhere and All the Time." She urged cybersecurity basics -- setting up strong passwords, updating patches on computers and personal devices and ensuring encryption during internet communications.

She also talked about the problems lawyers will face in near future, as clients demand more protection for their data.

'Data Breach Waiting to Happen'

Naidoo commented on a case against a law firm in Illinois, a proposed class-action by former clients that has been sent to private arbitration. She said the case was notable because it alleged faulty security but did not connect it to damages.

"What I found fascinating was that there was no data breach and no harm to the plaintiff, who said the firm had potential vulnerabilities," Naidoo said. "The harm didn't happen, and there was no evidence that [it] was exploited or inappropriately accessed."

In the lawsuit, the plaintiffs alleged that Johnson & Bell had outdated security programs. The complaint alleged it was "a data breach waiting to happen."

"Now every other plaintiff who has had an intense relationship with a law firm has just learned the way to get back at them is to bring a lawsuit like this," Naidoo said. "The class action may have failed, but the lawsuit hasn't failed."

The Threat is Real

Even if a law firm's information is not hacked, the potential for breach should be enough to give lawyers real concerns. Naidoo said cybersecurity starts with law firm personnel.

"Every security issue happens because someone did something they shouldn't have done, or someone didn't do something they should have done," she said.

A common mistake is opening unsafe email, which can lead to malware that can take down a computer network, compromise client information and expose financial records. Naidoo said lawyers and their staff members should be especially cautious about phishing email that purport to be urgent -- a frequent situation in busy law firms.

"Be aware that any kind of urgency requires you to pause and stop yourself," she said. "The race to click is the race to be attacked."

Related Resources: