Have we learned nothing from Battlestar Galactica? I’m pretty sure I’ve asked this question before and answered it in the negative. The answer seems to be becoming increasingly negative.
The Galactica, you’ll recall, had to protect its computer systems by making sure they had no connection to any outside communication. No email, no YouTube, no news updates, no communications with approaching vessels, no music downloads, no porn. Otherwise, the Cylons could get into the system.
You’d think law firms would isolate their sensitive client data the same way, but apparently, it’s not happening.
An ABA Journal article the other day began with this unnerving paragraph: “On the same day that a massive ransomware attack hit DLA Piper, cybersecurity startup firm LogicForce released a chilling report that found that law firms are still woefully unprepared for all sorts of cyber threats.”
Do you feel chilled?
Of course, incorrigible cynic that I am, I have to point out that the report showing that most law firms aren’t properly protecting their data comes from a company that wants to sell you its data-protection services. You can’t even get a copy of the report without providing your name, title, firm and email address (or click on the link I just gave you).
Could a sales pitch be your next step to cybersecurity?
The report, if you haven’t looked at it, begins with this curious photo:
Apparently, hacking emanates from glowing balls of light in the sky that shoot interconnecting rays. I had no idea this was true, so the report is informative.
The report also has a lot of numbers, which may or may not be terrifying, depending on how you look at them.
For example, a “key finding” was that “Every law firm assessed was unwantedly targeted for confidential client data in 2016-2017 (49 percent of total study group).”
So 51 percent were studied but not assessed?
Later, the report says that 66 percent of law firms have had a breach of some variety.
I quit paying attention to the numbers after that.
The report, not surprisingly, ends with this: “For more information about the LOGICFORCE Law Firm Cyber Security Scorecard, or how LOGICFORCE can assist your firm in raising your score and improving the security of your clients’ data, please contact us. LOGICFORCE welcomes your questions and looks forward to serving your firm.”
Presumably for a price.
OK, this isn’t necessarily evil, but it strikes me that there are some easy and cheap fixes that don’t involve hiring experts.
You can go full Galactica. You can make copies of everything. You can print stuff out and stick it in drawers in case of emergency.
Or – my favorite solution – you can make up a lot of misleading information and put it into computers open to hacking. Just not too open – it’s got to look real.
Then when the Cylons attack at the wrong coordinates, they’ll fall into your trap.
Another view: Almost immediately after the above was written, LogicForce issued a press release touting its report with one interesting difference: a new cover photo. To wit:
I think someone confused cyber-punk with steampunk.
The other tech hazard: I can’t leave this topic without noting that there may be an issue with technology that’s a lot more significant than malicious hacking.
I’m speaking, of course, about not knowing how to use the darn computers and their programs.
That’s why we get headlines like this one last week: “Lawyer: UW-W coach missed deposition because emails landed in junk folder.”
I’m not exactly sure why this was a news story for the GazetteXtra, a Wisconsin newspaper. I’m a lot less sure why it got picked up and rewritten for the online ABA Journal. Maybe they’re beefing up their missed-deposition coverage.
Be that as it may, LogicForce’s next report should be on how many lawyers know how to change the settings on their spam filters.
There should be some fascinating numbers coming out of that survey.