Blogs

We recently introduced an initiative called the COVID-19 Question of the Day (QoD). These questions were developed based on content covered in our COVID-19 Global Roundtable and harvested from our eGroups. To provide you with quick access to all of the answers received on our QoD postings, we have aggregated the answers to each question into a blog post. We will also post summary documents in the Resource Library for the Disaster Recovery & Business Continuity and Open Public Forum Communities of Interest. Also, please look for a notification about our next virtual roundtable where we will continue to explore each of the QoDs in more detail! 

What new and/or evolving cyber security threats do we see arising from the current global pandemic? 

• There are so many things that could be discussed here, but with the extended period of time people are spending "sheltering in place" or in isolation, I'm seeing an incredible increase in people (most likely out of boredom) participating in online information gathering poles and/or Facebook challenges. We are essentially giving away information that can be used in social engineering scams. It's no coincidence that these questions mirror the types of security questions used when someone is attempting to change their password.  We may not be able to stop people from doing this ill-advised activity, but If people feel a need to be connected by divulging details about their life on social media, we need to STRONGLY encourage people to put multi-factor authentication on all of their accounts. This is always advisable but is more important now than ever before. 
• How do I add technology to aid in identifying who, specifically, might be under attack? There are several tools out there, including Microsoft Advanced Threat Protection. This tool specifically focuses on identity protection. In fact, Microsoft just published an article entitled "Top 12 tasks for security teams to support working from home" that focuses on the very topic of this thread.  The key element is Microsoft Secure Score. As more and more law firms are rapidly deploying productivity tools, like Microsoft Teams, more and more user identities are being synchronized to the Microsoft Cloud through Azure Active Directory. Protecting these now globally accessible accounts should be the first task for the law firm IT team - and Microsoft has included numerous tools to accomplish those tasks. MFA is one. Geographic location filtering, where you can simply drop all traffic from certain countries, is another. Lastly, they have the comprehensive Conditional Access tool that allows extremely granular control of access to systems, applications, and the domain.  Identity was already going to be the new security battle, COVID just sped up the process. Protecting yourself and your firm during this isolation period involves both education and technology solutions.  And just for a little comic relief - this was the best meme I saw for the day and it happened to be topical! 
  
• I feel the easiest way to sum up "new and/or evolving cyber security threats" in the current climate is with one word - identity. All physical boundaries are gone from the office world - the elevator security, door security, or even the simple idea that you know who is calling you because your internal phone system displays the name of your co-worker when it rings. Now everyone needs to be somewhat vigilant since you can no longer use basic physical factors to confirm identity - and this is something that affects the entire firm.  Help Desk is the first example. We serve as first-line support for roughly 50 small to midsized law firms. One of the items we stress as we onboard new personnel is to validate that the caller is actually who they claim to be. Typically we "call back" using a known good phone number or send some basic verification in email - neither of which is 100% foolproof in an age of SIM hacking capabilities - as this serves as verification steps to ensure the password we are about to reset is being requested by the actual person. If anything feels off, you escalate properly to internal management or management at the firm. Having a lawyer wait a few extra minutes to mitigate damage from a bad actor is a small price to pay.  Now that everyone is remote, internal Help Desk teams need to consider similar measures. Most support calls might not be coming from an internal number anymore, so ensure the Help Desk team does not fall into a malicious trap. We have already heard people seeing an influx of these scenarios play out during the COVID crisis.  THE SAME GOES FOR LAWYERS - and that is the new(er) paradigm. They too will receive calls from numbers they do not know. Lawyers need to be vigilant about who they are sharing information or access with as well. MFA works great until a lawyer builds the instinctive reaction to just "approve" any prompt especially with newer technologies that don’t involve entering a code. These are how malicious events tend to start.