The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/7599
the quarterly magazine of ILTA 5 Peer to Peer contents March 2010 features the quarterly magazine of ILTA 33 Peer to Peer features pAge 41 Trends Shaping the Future of Legal Risk Management by Dave Cunningham and Meg Block pAge 44 Gotcha! Offense Is the Best Defense Against Security Vulnerabilities by Donna Payne pAge 48 Careful Planning Ensures Business Continuity an Interview with Brace Rennels pAge 52 A Data Breach Pandemic by Bill Ho pAge 56 Simplifying Risk and Compliance Challenges by Dean Gonsowski, Esq. pAge 58 Avoiding Risk in Lateral Transfers: Lessons Learned by Jerry Rugh pAge 34 Managing Information Risk with Lateral Hires and Lawyer Departures by Pat Archbold Industry trends, including new rules of professional responsibility, case law and government regulations, underscore the growing importance of diligently addressing confidentiality requirements tied to personnel movement. Firm risk and IT teams have critical roles to play in preparing and protecting their organizations when there are lateral hires or lawyer departures. There's no need to walk a precarious tightrope when tools to mitigate your risks are at hand. Letter from the Director Best Practices Ask the Expert Tech Focus Ask the Vendor Smart Moves Bridging the "Risk-Speak" Language Barrier Case Studies 7 8 16 20 22 24 28 www.iltanet.org 6 Peer to Peer BEST PRACTICES S everal years ago, some industry analysts predicted that viruses and other forms of malware would soon become a trivial problem. They couldn't have been more wrong. Over the past few years, there's been a sea-change that's largely gone unnoticed. The Internet is rife with malware, and the repercussions of being infected are more serious than they were before. There are more than 30,000 new malware variants each day, and valid commercial sites are routinely hacked to foist this malicious software on unsuspecting visitors. The payloads are designed to do things like steal banking credentials, use the infected computer to distribute spam, get the user to pay for fake antivirus software — anything that can ultimately generate a profit for the creator. The criminals behind this are aggressively finding and exploiting vulnerabilities in software that enable the malware to install without user interaction. (As I write this, I have a knot in my stomach about one such vulnerability in Internet Explorer that was used to attack at least 34 corporations, including Google and Adobe, and for which a fix isn't yet available). They are also using flaws in website security to help them with delivery. A few weeks ago, one of our lawyers was trying to visit the website of a small law firm in Washington, D.C. Each time she tried, she got a pop-up saying her computer was infected, and she didn't understand why. As it turns out, the website had been hacked to redirect traffic to a malicious site hosting the fake antivirus software. The sheer volume of new malware has seriously eroded the effectiveness of traditional antivirus software in preventing infections; the vendors just can't create that many signatures fast enough. It also makes it next to impossible for vendors to provide descriptions of what a particular piece of malware does or how it spreads. That means if you do get infected, you won't know what your collateral damages are (documents stolen, banking credentials revealed) or how to prevent the virus from spreading from one computer to another within your network. It's now all the more important to prevent infection in the first place. So, how do we prevent infection in this hostile environment? Several things can help: • Don't just rely on end-point protection. Make sure you have robust Web content filtering in place to help block the malware before it gets anywhere near your The Internet: Something Wicked This Way Has Come Malware Detections Jan '09 - July '09 This map illustrates the infection rates of locations around the world, expressed in a metric called CCM that represents the number of computers cleaned per thousand executions of the Malicious Software Removal Tool. Image: Microsoft Security Intelligence Report (SIR) Managing Information Risk with Lateral Hires and Lawyer Departures. . . . . . . . . . . . . . 36 Trends Shaping the Future of Legal Risk Management . . . . . . . . . . . . . . . . . . . . . . . . 43 Gotcha! Offense Is the Best Defense Against Security Vulnerabilities . . . . . . . . . . . . . . . . . . . 46 Careful Planning Ensures Business Continuity . . . . . . 50 A Data Breach Pandemic . . . . . . . . . . . . . . . . . . . . . . . 54 Simplifying Risk and Compliance Challenges . . . . . . . 58 Avoiding Risk in Lateral Transfers: Lessons Learned. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 69 70 Letter from the President Member Resources Overheard on E-Groups, New Members, Event Calendar and More Inside ILTA 10 Reasons to Attend ILTA 2010, LEDES Update, Lessons Learned 80