Bomb with lit fuseLaw firms, like most businesses today, have embraced the convenient but usually hidden technologies known as the “Internet of Things.”  This extension of internet connectivity into everyday objects and physical devices offers everything from constant video monitoring, to automatic locks, to dynamic heating and cooling adjustments.  IoT devices look, listen, transmit, and record trillions of data points, and a report by ForeScout Technologies suggests that the number of connected devices will reach more than 20 billion by next year.

But all this convenience comes at a price.  IoT devices are particularly vulnerable to compromise because they are relatively invisible to routine patching (if they allow patches), often do not have any security safeguards, and do not always have access controls.  An infected device can, for example, open the backdoor to denial of service attacks, enable hacker control of locks and surveillance equipment, open opportunities for snooping and recording of phone calls, and generally create a gateway through which to launch spam campaigns, steal data, and change credentials.

Let’s look at some vulnerable IoT devices commonly found in today’s law firm:

IP-Connected Security Systems and Infrastructure.  Think of cameras, smart meters, and HVAC controls.  Hacks of these devices can cause problems ranging from spying via video and audio, to destruction or disabling of critical equipment to disrupt operations or to allow for physical break-in.

Smart Video Conference Systems.  This category includes smart TVs, as well as DVR devices, which are typically connected via Wi-Fi or Ethernet.  Compromise scenarios include real-time monitoring of communication, as well as use of the system as a launch pad to the network.

Printers & Phones.  Wireless printers can allow almost undetectable access to confidential information (real-time or stored jobs) or, if compromised generally could allow a hacker to obtain administrative passwords and create a network bridge.  Because VoIP phones are internet connected, their configuration settings may be compromised to allow call snooping or even to create outbound calls.

Light Bulbs?  Yes, light bulbs!  According to the above ForeScout report, smart lightbulbs operate on Wi-Fi and mesh networks.  “In a wireless mesh network, the network connection is spread out among dozens or even hundreds of wireless mesh nodes that “talk” to each other to share the network connection across a large area.”  The more nodes, the more avenues for entry into a system without being on the network.
Continue Reading Law Firm IoT: Internet of Things or Instruments of Trouble?

Courtesy of Wikipedia, To Serve Man (The Twilight Zone)

To truly appreciate just how we are served by the digital economy, we must revisit Damon Knight’s award-winning 1950 short story To Serve Man.  Popularized by a beloved 1962 TV episode of The Twilight Zone, Knight’s tale tells of aliens coming to Earth to bring humans “peace and plenty.”  Courtesy of the aliens’ advanced technologies, we soon enjoy the global benefits of unlimited electrical power, inexhaustible food, and the end of warfare.  And better yet, humans are invited to visit the aliens’ home planet, a galactic paradise.

Meanwhile, a skeptical person toils to decipher the aliens’ cryptic language, in order to read a purloined alien book and come to understand their motives for such astounding beneficence toward humankind.  The book’s translated title is reassuring – “To Serve Man.”  Only later is our intrepid translator able to decipher the book’s first paragraph, revealing that it is not a treatise on helping humanity.  It’s a cookbook.

The digital revolution has indeed brought us benefits on a global scale, unimaginable just a few decades ago.  The Internet informs us, social media connect us, and our apps and devices support us.  All problems solved, right?

But something is wrong in our advanced-technology-paradise.  The digital economy traffics in something of great value – our information – and we remain largely oblivious to the basis of our “bargain.”  The signs are right there, in front of us, like a book waiting to be read.  For example, consider this from The Atlantic:
Continue Reading How the digital economy serves us

Fried egg on the sidewalk
“This is your information, ungoverned.”

2017 was rife with data dangers.  Nary a day passed without headlines of massive data breaches and ransomware attacks; Russian election-meddling through WikiLeaks and social media; fake news; and presidential tweet-storms.  Disruptive information-driven technologies continued to emerge, from block-chain to biometrics, IoT, AI, and robotics.  Meanwhile, the sheer volume of our personal and business data inexorably grew.

What better way to start 2018 than with a renewed commitment to Information Governance?  So, here are a dozen reasons why your organization should govern its information, in 2018 and beyond: 
Continue Reading 12 reasons to govern your information in 2018

Charging ElephantOur firm’s elephant icon is a nod to The Blind Men and the Elephant, the familiar, age-old parable for how we often do not see the big picture, but instead only the parts we directly encounter. And so it goes for organizations’ data. Individual company functions and departments often have their own, limited perspectives on information, seeing only the risks and opportunities with which they are directly familiar. Limited perspective yields limited perception – not a good thing for identifying, understanding, and controlling organizational risk.

I actually prefer a slightly different version, The Blind Elephants and the Man:

One day, six blind elephants were in a heated argument about what Man was like. To resolve their dispute, they sought out and found a man. The first elephant “felt” the man and then proclaimed “Man is flat.” Each of the other elephants, in turn, felt the man, and they all agreed.

The moral? Limited perspective not only yields limited perception – it can also lead to very bad results.

“Information Governance” has become an overused buzz-phrase, often trotted out as marketing mumbo-jumbo for selling technology tools.  In all the hype one can easily lose track of what it really means.  At its heart, Information Governance is no more – and no less – than making sure the organization sees the big picture of information compliance, cost, risk, and opportunity when making strategic decisions.
Continue Reading Why govern your information? Reason #2: Your information risks and opportunities arise from a single source – your data. Your response strategies should be synchronized too.

When Earth Day rolls around each year, I can’t heEarth in human handslp but think of the picnic scene from Mad Men.  After Don Draper chucks his empty beer can into the pond, Betty snaps the blanket, dumping their litter across the grass, before trundling the kids off to the family car (12 MPG, leaded gas, with no emissions control).

Mad Men‘s magic was culture clash, the shocking contrast between the oblivious then – sexism, homophobia, humans as ashtrays – and our enlightened now.  What makes the picnic scene so memorable is the gobsmacking environmental thoughtlessness of that era, in which the only things green were money and envy.

And my, how far we’ve come.  We reduce, reuse, and recycle. Some of us compost, and others glare at the poor souls who still occasionally litter.  We spend extra money for energy-efficient vehicles and appliances.  We tend to buy local and organic, and we worry about chemicals in our food and water.  Most folks are concerned about climate change and believe we need to change human behavior to slow it.  In short, we devote significant thought, time, effort, and resources to be environmentally responsible.

At the same time, we remain completely oblivious to the swirling plumes of data exhaust we emit every day, and the toxic accumulations of data in the landfills of our devices, servers, and cloud accounts.  When it comes to data pollution, guess what – we’re Don and Betty.


Continue Reading Earth Day and data pollution

Bean of Chicago Millennium Park, Illinois, USAIt happens every day.  A company spends a huge amount of money on a new technology system, without fully addressing the information implications.  Maybe the decision (to move on-premise operations to a cloud SaaS or PaaS, or to retire and replace an enterprise database, or buy a comprehensive new tool suite) was reactive, driven by an impending crisis.  Maybe the decision-making was siloed, with IT not clearly hearing what the rest of the business truly needs (or more likely, the rest of the business not speaking up).  Or maybe IT just responded literally to a business directive of the moment (let’s get into IoT, or Big Data, or Blockchain!).  Regardless, the green light is lit, the dollars are spent … and problems ensue, painfully multiplying the procurement’s all-in cost.

What was missing? Strategic consideration of repercussions for information compliance, risk, and value for the organization as a whole, including privacy, data security, retention/destruction, litigation discovery, intellectual property, and so forth.  In other words, Information Governance.  And when was it missing?  Before the decision was made and the dollars were spent.

So, what if something could be hard-wired into the procurement process, a trigger that timely prompted decision-makers to call time-out; get focused input from all stakeholders; assess the repercussions for information compliance, risk, and value; and align the procurement requirements and purchase decisions with organizational strategy for governing information?


Continue Reading X Percent for Information Governance

Endless book tunnel in Prague libraryAs the information tide relentlessly rises, many organizations simply see an IT problem, to be fixed with a purely IT solution – more storage capacity, more tools, or both.  But merely adding more storage is a reaction, not a strategy.  And adding technology tools without the right governance rules invariably makes things worse, not better.

This is not a criticism of your IT team.  Instead, the problem lies in a misunderstanding of the fundamental challenge.  Just as you shouldn’t bring a knife to a gun fight, you shouldn’t merely bring more storage capacity and IT tools-without-rules to your fight to regain control over your organization’s information.  What’s needed is governance.


Continue Reading Why govern your information? Reason #7: Merely adding more storage and more tools won’t solve your data problems

television addict man watching tv holding remote control mesmerizedOn Monday the Federal Trade Commission announced a $2.2 million settlement with VISIO, one of the world’s leading providers of smart TVs.  The deal settles charges by the FTC and New Jersey’s Attorney General that VISIO collected data from 11 million consumer TVs, without consumers’ knowledge or consent.  According to the complaint, the secretly collected data included second-by-second viewing data and IP addresses, to which data aggregators added demographic information, including age, sex, income, marital status, household size, education, home ownership, and household value – a covert data cornucopia, tailor-made for targeted advertising.

But in her concurring opinion, Acting Chair Maureen Ohlhausen (recently appointed by President Trump to lead the FTC) signaled a retreat from FTC enforcement based on unfair practices.

So, while we’re watching our TVs, and our TVs are “watching” us, who’s watching out for our privacy & security interests with the Internet of Things?


Continue Reading Me, my TV, IoT, and the FTC – who’s watching whom?

Depiction of the outages caused by Friday’s attacks on Dyn, an Internet infrastructure company.
Depiction of the outages caused by Friday’s attacks on Dyn. Source: krebsonsecurity.com.

On Friday, a series of massive distributed denial of service (DDoS) attacks caused internet outages across much of the US, and also in parts of Europe.  The epicenter was Dyn, an Internet performance management company that provides Internet services to some of the web’s most-visited sites.  In three separate attack waves on Friday, tens of millions of IP addresses pelted Dyn with junk packets, resulting in Internet access outages at such popular destinations as Amazon, Netflix, Reddit, Spotify, and Twitter.

The culprit?  My DVR box.  Or maybe yours.


Continue Reading My DVR shut down the Internet