NYSBA State Bar News

March/April 2014, Vol. 56, No. 2

Annual Meeting 2014

Cyber thieves threaten security of confidential files, work


To catch a thief—John R. McCarron, Jr., left, John C.L. Szekeres and Hal Stewart were members of a panel on cybersecurity hosted by the Committee on Law Practice Management and others as part of a daylong forum on risk management. [Photo by Richard Smith] 

By Mark Mahoney

After a presentation by two FBI Internet security agents, one could not fault the lawyers in the room if they all suddenly felt compelled to toss their PCs into the nearest river and run over their smartphones with a bulldozer.

During an Annual Meeting forum on January 30, the two agents gave a frank—and often frightening—talk about the threat posed by individuals seeking to steal vital financial and legal information. These days, even confidential information is passed along routinely by millions of people daily through Internet hookups, wi-fi, smartphones and other electronic devices.

The forum was part of an all-day program entitled, “Risk Management 360,” co-sponsored by the Law Practice Management Committee and the Committees on Attorney Professionalism, Lawyer Assistance, Continuing Legal Education and Electronic Communications.

For attorneys, the threat of cyber theft means confidential files stored or transferred electronically are vulnerable to being stolen; phone calls with clients are at risk of being monitored; and the content of text messages and emails is in danger of being intercepted.

“It’s all in the air,” one agent said. “It’s a thousand times worse than some creep sitting in the bushes with binoculars.”

Secrets revealed

The two agents, who would not give their names or allow their photographs to be taken because of security concerns, work in the FBI’s New York Cyber Branch. While their identities remained a secret, they unveiled plenty of secrets employed by cyber thieves, including many methods that most people might not even consider.

There are software applications that allow thieves to intercept and record phone calls, track computer usage and decode passwords. Email spoofing, in which the thief sends emails using a forged sender address, is the fastest-growing cyber crime, the agents said.

Law firms, especially those dealing with matrimonial law, are particularly vulnerable because the offended spouse often will employ electronic surveillance techniques to gain information about the other spouse’s financial records, movements and relationships by monitoring household computers, eavesdropping on cell phone conversations and intercepting messages sent over smartphones.

Another panelist, John R. McCarron, Jr. of Carmel (Montes & McCarron PLLC), co-chair of the Law Practice Management Committee, said the more tech-savvy spouses have an advantage.

Cyber criminals also are getting smarter about who they target, as they begin to recognize shortcomings in the information storage system. “They’re getting creative in knowing who maintains data,” one agent said. 

For instance, criminals are no longer exclusively trying to tap into the systems kept by large corporations. Rather, some have begun targeting other organizations that maintain the same data, but that might not have the same high levels of security. One agent compared it to trying to break into the New York Stock Exchange versus trying to break into a shopping mall. Similarly, small law firms are more vulnerable to breaches than large firms that likely have more elaborate security systems.

“Smaller law firms are going to be the low-hanging fruit” for cyber criminals, McCarron said. 

For all the security threats out there, panelists said, we may have no one to blame but ourselves for the explosion in cyber crime. People have become so accustomed to using electronic devices that they do not regularly use the tools available to protect against threats.

“We’ve been conditioned. There’s no stopping it,” one agent said. “Human involvement is always the weak link where it’s failed.”

Worse yet, as young people grow up with the technology, criminal activity will become second nature to those so inclined, they said. 

It can be stopped

But there are ways to thwart, if not completely stop, cyber theft, panelists said.

For instance, make sure your email address is correct when opening or sending messages. Turn off on-air communication when possible. Install apps that show who is connected. Check and review IP addresses. Contact financial institutions when your password keeps being denied or changed.

Get rid of compromised email addresses and update your virus protection regularly. Use sentence passwords, rather than familiar phrases or words that are easy for thieves to decode.

Lawyers should set up separate email addresses for clients, or should avoid altogether sending anything other than routine information to clients electronically.

Panelists also advised people never to have one email be the only method of sending wire transfers. Speak to a real person to verify the exchange. Use protection for wi-fi accounts, and take advantage of products or services available to encrypt information.

Moreover, move data to the cloud and encrypt it, as cloud cyphers often will be safer than keeping data in one’s own network, McCarron said. And use good security software or hire a security expert. 

Panelist John C. L. Szekeres of Hartsdale said it is no longer sufficient to leave your data protection to your information technology department.

As if further evidence were needed to demonstrate how Internet thieves are constantly on the prowl, one of the FBI agents said that a new, unprotected computer hooked up to the Internet will get a virus within 7 minutes.

That’s enough to make anyone think about tossing their computer in the river. 

Mahoney is NYSBA’s associate director of Media Services.