Technological advancements have had a profound impact on all aspects of our lives. As a result, many businesses are pushing forward with their digital agendas.
The Ascertus Security Thought Leadership Series
Phishing and Ransomware are Linked – Here’s What Law Firms Should be Thinking About
Recently, I was commissioned by an organisation of significant size and in a high-risk industry to demonstrate to the Board the vulnerability of its employees to criminal hackers using non-technical means. Using Open Source Intelligence to gather information on a selection of the most senior individuals in the organisation, I was able to reveal how easily and legitimately I was able to engage with them, physically access their office building and, if I had intended to do so, use the insight to hack into the business. It was an ‘eye-opener’ for the Board!
This is what malicious social engineers do – they leverage the ‘Perfect Storm’ – created by the organisation’s culture, the employees’ frame of mind and lack of security awareness and the ready availability of detailed personal information, to use social engineering and the “human factor” to gain business sensitive information for their own financial gains.
As the technology becomes more complex, many hackers see employees of organisations as “the weakest link”, but to what extent this is the case relies on many factors other than the mere fact of human beings working for an organisation. Several factors in organisations make firms more or less vulnerable to hackers, and it is possible to defend, mitigate and ‘patch’ your own human vulnerabilities.
I’m talking about this issue at the upcoming Cyber Threat Landscape for Law Firms on 23 February 2017:
- How an organisation can be “profiled” by a malicious criminal, who then uses the information to design a hack that is suited to the culture of the target company
- Explain why “culture” is an important element in the shape and nature of an attack, communicating the threat to employees and ultimately in the defence against attack
- Highlight my own “experiences” as an ethical Social Engineer and share some tricks, tactics and methods that I use to attack organisations via their people
- Offer tips and guidance on how to “wake up the workforce” to the threat of Social Engineering, and how to maintain engagement of staff to prevent cyber threats
My presentation will be fast paced, humorous and revealing! Hope to see you there!
About Jenny Radcliffe
Jenny Radcliffe is an ethical expert in Social Engineering, negotiation, persuasion and influence, non-verbal communication and deception. She uses her skills to help clients – from global corporations and law enforcement to poker players, politicians and the security industry – to protect themselves from cyber criminals.
Although e-billing is playing a role in the commercial relationship between a growing number of UK/European in-house legal departments and their law firms, there are still many organisations that aren’t yet reaping the benefits of e-billing. It’s often said that numerous non-US organisations don’t “get” the value of e-billing. I believe it’s not that they don’t “get it”; rather, the e-billing solutions, until recently, didn’t necessarily deliver against the needs of European organisations.
In a law firm, keeping paper records is a major expense, and a relentless cause of inefficiency and risk. Based on a survey of nearly 200 US law firms across size and geography, half of all lawyers still prefer to work with paper, so most firms continue to accept the precedent of files, folders, boxes, file rooms and offsite records storage.
This finding is likely to ring true for the UK as well.
And for those who want scanning, often a decathlon needs to be undertaken at the copier’s vendor-installed keyboard – i.e. unique logins, passcodes, manual type-entry of one document at a time and so on – to realise the task.
To fix all the above issues, a fully digital matter file is fundamental. A fully digital matter file liberates the practice of law from the chains of paper records. The ensuing cost savings, efficiencies and risk reductions are vital to ensure profit and help firms compete in today’s legal environment.
This white paper, entitled The Paper2Digital™ Law Firm Master Plan, offers a detailed approach, highlighting the key planning elements, how to prioritise objects, as well as policy, workflow and supporting technology assessments for a Paper2Digital initiative in a law firm.
About Steve Irons
Steve Irons is the President of DocSolid, a market-leading provider of Paper2Digital solutions for the legal market. He has founded three document imaging ventures, holds 9 patents, and is a Magna Cum Laude graduate of Northern Arizona University.
With an eye towards budget predictability and managing risk, many in-house legal departments are looking to implement alternative fee arrangements (AFAs) with outside counsel as an element of legal spend management.
There was a time when any arrangement outside straight billable hours was unheard of; today a greater number of law firms are open to AFAs – in fact, they have no choice. The issue, therefore, has become one of structuring the best fee arrangement – one that both parties agree to, that aligns with the goals and financial requirements of each, and that is based upon accurate historical data to give the legal department confidence that the arrangement is intelligent and appropriate.
There are numerous types of AFAs being utilised these days, but before deciding which might be most suitable given the individual circumstances of the parties in question, it is wise for law firms and legal departments alike to consider the engagement in terms of true value to their respective organisations and the desired outcome. Is it a “win at all costs” matter or something much less critical in the big picture? Is compromise an option? Is any future relationship with the opposing party involved a non-issue, or does it involve an entity with whom either organisation will continue to conduct business for many years to come?