Law firms, like most businesses today, have embraced the convenient but usually hidden technologies known as the “Internet of Things.” This extension of internet connectivity into everyday objects and physical devices offers everything from constant video monitoring, to automatic locks, to dynamic heating and cooling adjustments. IoT devices look, listen, transmit, and record trillions of data points, and a report by ForeScout Technologies suggests that the number of connected devices will reach more than 20 billion by next year.
But all this convenience comes at a price. IoT devices are particularly vulnerable to compromise because they are relatively invisible to routine patching (if they allow patches), often do not have any security safeguards, and do not always have access controls. An infected device can, for example, open the backdoor to denial of service attacks, enable hacker control of locks and surveillance equipment, open opportunities for snooping and recording of phone calls, and generally create a gateway through which to launch spam campaigns, steal data, and change credentials.
Let’s look at some vulnerable IoT devices commonly found in today’s law firm:
IP-Connected Security Systems and Infrastructure. Think of cameras, smart meters, and HVAC controls. Hacks of these devices can cause problems ranging from spying via video and audio, to destruction or disabling of critical equipment to disrupt operations or to allow for physical break-in.
Smart Video Conference Systems. This category includes smart TVs, as well as DVR devices, which are typically connected via Wi-Fi or Ethernet. Compromise scenarios include real-time monitoring of communication, as well as use of the system as a launch pad to the network.
Printers & Phones. Wireless printers can allow almost undetectable access to confidential information (real-time or stored jobs) or, if compromised generally could allow a hacker to obtain administrative passwords and create a network bridge. Because VoIP phones are internet connected, their configuration settings may be compromised to allow call snooping or even to create outbound calls.
Light Bulbs? Yes, light bulbs! According to the above ForeScout report, smart lightbulbs operate on Wi-Fi and mesh networks. “In a wireless mesh network, the network connection is spread out among dozens or even hundreds of wireless mesh nodes that “talk” to each other to share the network connection across a large area.” The more nodes, the more avenues for entry into a system without being on the network.
Continue Reading Law Firm IoT: Internet of Things or Instruments of Trouble?
In a federal court criminal 
Having too much data causes problems beyond needless storage costs, workplace inefficiencies, and uncontrolled litigation expenses. Keeping data without a legal or business reason also exacerbates data security exposures. To put it bluntly, businesses that tolerate troves of unnecessary data are playing cybersecurity roulette … with even larger caliber ammunition.
Being a CISO is a tough gig. The perpetual deluge of news items on hack after hack, breach after breach, has finally conveyed that data security is an imperative for all companies, large and small. But the perception still lingers that the Chief Information Security Officer (or her InfoSec team) will single-handedly prevent breaches at “our” company – and if one should occur, will take care of the response. For some CISOs, it may feel like 
Most people have elevated stress during the holiday season — work, travel, family, money, time. And holiday stress can make people inattentive, tired, frustrated, and willing to take short cuts, especially when it comes to computer and Internet use. This is when mistakes happen. It’s when we decide to evade policy by emailing work home or by using the unsecured airport Wi-Fi because our plane is delayed. It’s also when malicious acts of information theft, sabotage, and fraud can more easily occur and go undetected.
As technical security improves, human security vulnerabilities are increasingly in the bulls-eye. For a fresh look at social engineering, and how best to defend against it, there’s no better source than a hacker. So, I reached out to Cliff Smith, Ethical Hacker & CISSP at 
Whew – we’ve survived yet another round of states enacting or amending their PII breach notification laws. If a trial lawyer’s vacation is the time between her question and the witness’s answer, a data security lawyer’s vacation is when state legislatures are out of session.
If you had a choice between doctors to perform surgery on you, which would you pick: a doctor who has sat through training on how to perform an appendectomy; or assurance that your doctor will successfully perform your appendectomy?
The indictment filed last Friday by Special Counsel Robert Mueller explains how Russian military intelligence officers hacked into computer systems of the DNC, the DCCC, and Clinton Campaign employees during the 2016 presidential race. With sweeping, specific details that have compelled unanimous confidence among Americans (except apparently 
How time flies. Seventeen years ago, I went to work for a small, visionary company based in Seattle—Computer Forensics, Inc. Indeed, the founder was so early in the e-discovery and forensics industry that our URL was forensics.com. Laptop drives typically had 8 GB of storage, and servers were more often than not simply a bigger box that sat in a closet.