Lessons for Legal: Inside the Cybertheft Faced by Two Large Firms

Picking apart the recent cybertheft faced by two U.S. firms working on M&A offers lessons on how legal can avoid similar breaches in the future.

, Legaltech News

   | 1 Comments

Picking apart the recent cybertheft faced by two U.S. firms working on M&A offers lessons on how legal can avoid similar breaches in the future.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Continue to Lexis Advance®

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com

What's being said

  • Robert Nichols

    I find Mr Abrenio‘s reliance on encryption to be misplaced, because the TYPE of encryption matters greatly. If each file is encrypted individually with its own password, then yes, his assertions are correct, the bad actors cannot get to the data without that password. But the most common type of encryption is device based, like Bitlocker or Symantec. These encrypt the whole drive or entire folder. If the bad actor has the credentials, (login and pasword,) to get in to the system as an employee, then they can see everything that employee can see whether the data is sits on an encrypted drive or not. If the employee can see the data, so can the bad actor. The only safeguard whole drive encryption gives you is if the drive holding the data is physically taken (or lost in the case of a laptop). Encryption of individual files is best, limiting rights to only those matters the person is working on, and even having an Air Gap network with no internet access for extremely confidential data are suggestions for better security of data in a law firm. Whole drive encryption of data cannot be relied on to secure data in the even of a bad actor obtaining a login and password. Type of encryption of data matters.

Comments are not moderated. To report offensive comments, click here.

Preparing comment abuse report for Article #1202776502486

Thank you!

This article's comments will be reviewed.