ABA Techshow

Want to know if work data is secure? Examine your own practices first

  • Print.


Shamla Naidoo, IBM’s global chief information security officer. Photo by Monica Burciaga.

Technology can help you keep data secure, but the first step in preventing a cyberattack is personal behavior, according to Shamla Naidoo, IBM’s global chief information security officer.

“As consumers, we make the difference. The world we live in is changing. Give yourself the security benefit of taking all the steps you can,” said Naidoo, who spoke Friday at the ABA Techshow during the presentation “Beyond Encryption: Protecting Your Assets Everywhere and All the Time.”

Naidoo advised keeping on top of app updates on personal devices, being careful about Wi-Fi usage and having complicated passwords that are hard to track.

“Where do you start with how to secure your world?” she asked, saying that the threat of hacking is constant. “I would argue that we all need to be more responsible. That eventually will spread and create an additional layer of security.”

And if you get an email saying it’s urgent you click an included link—don’t, Naidoo cautioned, because the communication is likely a phishing email.

“Be aware that any kind of urgency requires you to pause and stop yourself. The race to click is the race to be attacked.”

If cloud storage is used correctly, it’s secure, Naidoo told the Chicago audience. She also advised using encryption, firewalls, email security and antivirus programs.

Even if lawyers’ data is not hacked, being exposed for having holes in a system could be damaging. Naidoo told the audience about a 2016 Northern District of Illinois case against the litigation defense firm Johnson & Bell, brought by a former client. The filing described the law firm “as a data breach waiting to happen,” and mentioned an online time-keeping system that allegedly had not been updated for 10 years, Bloomberg’s Big Law Business reported.

Jason Shore, the plaintiff, had hired Johnson & Bell to defend his bitcoin exchange in a 2014 class action, which resulted in a default judgment against the business, Law360 (sub. req.) reported.

“What I found fascinating was that there was no data breach and no harm to the plaintiff, who said the firm had potential vulnerabilities,” Naidoo said at her presentation. “The harm didn’t happen, and there was no evidence that [something] was exploited or inappropriately accessed.”

In February, U.S. District Judge John W. Darrah granted Johnson & Bell’s motion arguing that its client engagement letter did not provide for class arbitration, and he directed the plaintiff to pursue an individual claim in arbitration.

“Now every other plaintiff who has had an intense relationship with a law firm has just learned the way [to] get back at them is to bring a lawsuit like this,” Naidoo said. “The class action may have failed, but the lawsuit hasn’t failed.”

She mentioned that the court had unsealed the lawsuit.

“Clients could wonder: ‘Are they spending enough to protect me as a client?’ ” Naidoo said. “Confidentiality is sacred in our profession.”

“How about you actually put yourself in a defensible position?” she added.

“Every security issue happens because someone did something they shouldn’t have done,” Naidoo told the audience, “or someone didn’t do something they should have done.”

Follow along with our full coverage of the 2017 ABA Techshow

Give us feedback, share a story tip or update, or report an error.