Prometis CyberSecurity helped International Law firm to improve Data Security

  BUSINESS organizations are highly dependent on IT infrastructure, network systems, and sophisticated software applications. Through these components, they are able to carry transactions with an uninterrupted flow of data and information across geographical boundaries. Along with the benefits like speed, automation, ease, etc., these components also brought threats and risks to the businesses in the form of attacks like DDOS (Distributed Denial of Service), data theft, malware, etc.   One of the major concerns is the ease and speed with which businesses are being attacked/brought down, without even the attacker paying a visit to the physical facilities of the business. Securing Information and Communication Technology (ICT) draws the attention of the top management, regulators, and law enforcement alike. Securing IT in an enterprise evolved with a focus on domains like securing networks, securing hosts, securing data, deploying identity and access controls, and with operations across all these domains. Law firms continue to be a highly-coveted target for cybercriminals looking to gain access to business capital, trade secrets, and intellectual property. The biggest cybersecurity risks for law firms Include:<br> ·       Phishing<br> ·       Ransomware<br> ·       Leaks of sensitive data<br> ·       The risks of malpractice allegations due to poor cybersecurity<br>Cybercrime continues to evolve at an alarming pace. If these threats are not contained and stopped, firms can lose assets, highly sensitive, confidential information, and incur millions of dollars in damages. Add to that the public relations nightmare of the backlash from clients whose information was compromised. After a breach, customer trust is eroded, leading them to seek legal counsel elsewhere. The entire business suffers The Singapore Personal Data Protection Act 2012 (PDPA) subjects organizations to various obligations pertaining to the collection, use, and disclosure of personal data, with non-compliance attracting financial penalties, issuance of remedial directions from the Personal Data Protection Commission, as well as reputational damage arising from the publication of enforcement decisions. The firm’s Data Protection practice group advises organizations on the formulation and implementation of internal compliance policies and programs to meet the requirements under Singapore’s data protection laws.<br> LIMITATIONS<br> <br>Cybercrime is a very real threat to the legal industry. One in five law firms reported an attack in 2017. In a survey conducted by ABA Legal Technology, 22% of lawyers reported their firm had incurred a data breach, up from 14% in prior years.<br> <br> APPROACH<br> <br> • Time tested model which is adopted Globally in its Risk Assessment Process • Use SAS tools wherever feasible in the Risk evaluation process, within the overall Risk Assessment exercise <br> RECOMMENDATIONS<br> <br>Law firms hold large volumes of valuable personal and commercially sensitive information about their firms, employees, case information, and clients. This makes the cybercriminals capture a particularly sensitive batch of data to sell or ransom including :<br> • Secret and sensitive information about corporate client’s finances<br> • Documents relating to confidential corporate deals;<br> • Valuable information relating to patented, original and invaluable intellectual<br> • Property and trade secrets;<br> • Key evidence pertaining to bet-the-company litigation; and<br> • Gigabytes (perhaps even terabytes) of emails involving the most intimate, delicate, and private details of their client’s personal and professional lives.<br> <br>Firms should implement a layered program of technical defenses to mitigate the risk of a cyber incident.