8 May, 2017
Law firms and legal departments are vulnerable to cyber attacks because of the sensitive information kept on file, from confidential personally identifying information and financial details, to high-stakes business information such as trade secrets, mergers and acquisitions, and litigation cases.
Take the Mossack Fonseca breach in 2016, for example. According to an op-ed by John McAfee, that breach was “by far the largest and most damaging cyber attack on record … the release contained 11.5 million documents chronicling the formation and actions of 214,000 offshore companies along with the names and manipulations of more than 14,000 clients.”[1] Mossack Fonseca is the fourth-largest asset protection law firm in the world; who will cyber criminals target next?
Legal departments may also be responsible for registering and managing promotional and defensive domain names and social media usernames, depending on how a company manages online intellectual property. But does legal also deal with the security aspect of online branding?
Step 1: Audit and consolidate your portfolio
First, to defend against cyber attacks, you need to understand your company’s digital assets. Ask your digital brand protection provider to audit your company’s assets. Find out how many domain names your company owns, which ones are active, and which ones are used for defensive reasons.
Once you have a full picture of the situation, consolidating your digital portfolio is the next best step, so you have an overview of all your assets in one place. Don’t just leave it to your IT or marketing department. All legal or IP professionals, especially those responsible for the company’s digital presence and online reputation, should have an understanding of the company’s portfolio of digital assets.
Step 2: Protect and secure business-critical assets
Once your portfolio is consolidated, it’s a good time to apply easy and cost-effective security measures to your key domain names. Your key domain names are usually your main websites or client portals. If it’s your IT or marketing department that works on the day-to-day with your digital brand protection provider, then get them involved here too. Only you will be able to tell them all of the domains you feel are the most business critical.
Protecting the business-critical domains with two-factor authentication, and multi locks with manual authorization, will prevent domain hijacking, and protect against unauthorized changes and deletions to your critical domain names. Applying these services is relatively affordable—and will secure your main sites.
Step 3: Communicate and educate your clients against phishing
Now that your business-critical sites are secure, make sure you understand the various types of attacks and how they can affect your clients and your company. As soon as your company deals with client-sensitive information, like bank details, client addresses, personal details, etc., it becomes paramount to communicate to your clients about phishing prevention. For example, let your customers know that your company would never ask for personal information via email.
Your online brand protection provider should be able to offer you a phishing solution that is tailored to your company and brand, and also help you draft phishing training for your company’s employees. Speak with your IT department to understand what protection they’ve applied in-house; those services vary from provider to provider.
Reference:
For further information, please contact:
Jayce Yeo, CSC
Jayce.Yeo@cscglobal.com
Alban Kwan, CSC
alban.kwan@cscglobal.com