Lawyers possess personal and confidential data. Lawyers work on important issues that impact people’s lives. For these reasons, lawyers must pay continued attention to cyber and workplace threats, according to experts who spoke on day one of the Wisconsin Solo and Small Firm Conference in Wisconsin Dells.
With CLE tracks in substantive law, practice management, technology, ethics and quality of life, a large hall of exhibitors, and featured speakers and events, this State Bar of Wisconsin event annually attracts solo and small firm lawyers throughout the state.
This year, the program dove right into two scary topics, cybersecurity and workplace safety. But given recent events, in Wisconsin and beyond, taking time to discuss cyber and workplace threats and responses will equip attorneys and firms to be prepared.
Keep Up on Cybersecurity
Cybersecurity expert Joseph Granneman, CEO of Illunination.oi, made his points crystal clear, using actual hacking experiments to show attorneys how easily hackers can access information when cyber windows and doors are left ajar.
We hear a lot about large data breaches – most recently the Equifax breach involving the personal and financial data of more than 143 million people – but Granneman says individuals and small businesses are not excluded from the crosshairs.
“Lawyers handle a lot of sensitive data, and that makes them a target,” said Granneman. “Anyone who isn’t taking proper precautions is a target.”
“The paths to get into almost any company, regardless of size, is almost always through phishing, through a bad website vulnerability, some sort of attack inside the browser, through a bad advertisement, or some other browser exploit,” Granneman said.
And criminals have started to shift their focus on stealing credit card information, Granneman said. “Ransomware is the next evolution to monetize criminal activity because it scales really easily, requires very little investment in technical resources, and it provides an easy anonymous way for them to get paid for their work. It has exploded.”
Through ransomware – hackers find holes to access your network, encrypt your data, and demand a ransom. If your files aren’t backed up, you’re in a bad spot.
“Right now, ransomware is pretty simple to prevent just by taking basic security measures – strong passwords, good security patching of your devices,” he said.
In the future, it may be tougher for lawyers, Granneman said. As ransomware gets smarter, it may begin to target more valuable information, which lawyers possess.
Password tip: “Eight to 10 characters is the sweet spot for password cracking,” Granneman said. For instance, an eight-character password can take minutes to crack, based on the way those passwords are stored. A 20-character password can take months. Make it more difficult with longer, unique passwords. This is just one of the numerous tips attendees took away from Granneman’s comprehensive talk.
We now hear about shootings often, most recently the mass shooting in Las Vegas. Everyone should be thinking about their surroundings with this in mind, the sad truth, says Madison Police Sgt. Shawn Engel, an expert on active shooter responses.
The message hit home this past March, when the Wisconsin legal community was shocked and saddened to hear about the death of attorney Sara H. Quirt-Sann, one of four victims killed by a gunman in Wausau. She was killed at her law office.
Attorneys, who often deal with emotional situations and people, should take precautions to ensure workplace safety, including specific security measures, de-escalation training, workplace policies, and thinking about a worst case scenario. In an active shooter situation, Engel notes three response options: avoid, deny and defend, in that order.
“We want people to be thinking, ‘if I can get out of this environment where these shooters are,’ that’s going to be our best and safest option, assuming we can do that without becoming an easy target,” Sgt. Engel said. “We want people focused on that.”
Sgt. Engel went into detail on all three responses, using a video footage of the 2013 mall attack in Kenya to show how different responses can mean life or death.
In a second session, other panelists discussed workplace safety, including criminal defense attorney Jessa Nicholson Goetz and family law attorney Daniel Bestul.
They talked about safety measures their firms have taken to address potential events. From exit doors to consultation policies, small things can make a big difference.
“We have a policy that we won’t meet with walk-ins,” Bestul said. “If someone, even a client, walks in our office, we may set up an appointment for a half-hour from now, and have them come back. But we feel that a walk-in is a real risk sign, a real red flag.”