[BreachExchange] The Biggest Data Breach of 2017 and Why it Matters to Even the Smallest Law Firms

Audrey McNeil audrey at riskbasedsecurity.com
Thu Mar 22 10:15:48 EDT 2018


https://www.natlawreview.com/article/biggest-data-breach-2017-and-why-it-matters-to-even-smallest-law-firms

The Equifax data breach that occurred in July of 2017 is now infamous as
one of the largest in cybersecurity history. The breach affected 143
million customers, and because of the nature of Equifax, included highly
sensitive information, including social security numbers, full names,
driver’s license numbers, and addresses. This may sound dramatic, but the
implications are universal, and the problem is only worsening. Here’s what
happened and why your business cannot afford to risk a data breach, no
matter what you think you have online.

How Such a Big Brand Got Hacked

Equifax is a massive company that is known for handling sensitive
information. So how did it get hacked? Put simply, hackers found a way in
through a tool used to build components of Equifax’s website. Websites are
only as strong as their weakest link, and that means that every vendor,
from web layout designers to calendar plug-ins to payment processors, must
be vetted to ensure that no doors are left open. Whether building, updating
or re-evaluating a website, it is critical to know who is responsible for
every piece of every page and what measures they take to ensure best
practices for holistic security.

Liability is Everywhere

Negligent security practices are considered an ethical liability. Poor
cybersecurity can lead to malpractice suits, even if a security breach does
not occur. Of course, it can also lead to a breach, which may lead to the
distribution of client information and result in an even worse legal
situation. It is critically important that lawyers recognize the exposure
that their own websites and IT departments face, as well as the potential
risks that their clients face. Precedents are shifting with every case, and
whether the fallout of a data breach is jail time, financial penalties, or
a total loss of consumer confidence and brand reputation, web security
breaches can ruin any business, whether it has one employee or one
thousand. Small firms likely do not employ multiple Information Security
professionals beyond their sole Information Technology person, while large
businesses often have so many people working in IT that practices become
siloed. This complicates the issue of liability and underscores the need
for comprehensive cybersecurity initiatives, no matter the size of the firm
or the perceived importance or vulnerability of the website.

Protect Yourself and Your Firm

If you do not know for sure whether your practice is currently secure, it
is imperative that you audit your entire organization for potential
vulnerabilities. Current laws implicate individuals for information
security, and many individuals are unaware of their own liability, much
less the best ways to protect themselves and the information for which they
are responsible. After auditing your current IT landscape, moving towards
total information encryption and comprehensive cybersecurity programs is
the first step in what should become a routine of encrypting data, storing
it wisely, and vetting every vendor’s security practices, every time.