Oh Yeah That Other Risk For Firms from #ILTACON18 Day Two
Yesterday, I wrote about the risks facing law firms from all around that came to mind as I sat through some of the sessions. Tuesday morning, I listened to Keith Lockhart from AccessData talk about responding to data breaches, and then watched 15-year old Marcus Weinberger do some basic hacking.
Oh yeah, there’s also that risk for law firms too.
In all honesty, Keith’s point about having a response plan in place before you need it was essential. After a breach is not the time to figure out who is supposed to do what. Way too little, way too late.
But, the real show-stopper of the morning was Marcus. Not just because he was doing some cool little hacking tricks, but because of just how easy it was to do, and how easy it is to access these tools. This kid doesn’t go out into the Dark Web and buy sophisticated hacking tools. He’s using easily accessible tools, easily accessible educational materials, and relatively cheap hardware to hack websites, wifi networks, and physical devices. He’s got an easily accessible dictionary of 9 million known passwords to use to target networks, wifi access points, computers, social media accounts, etc.
Just for a taste, at one point Marcus uses a little cheap piece of hardware to create a rouge access point. He decided to spoof a wifi network name that some of the people at the conference might have connected to from their rooms. Before he could even connect to that new network using a Windows laptop, we could see other people’s devices connecting to it automatically. Same thing when he named it StarbucksWifi. All of these devices that had been allowed to autoconnect to public wifi networks saw that network name and went on ahead and connected to it, all the while Marcus was capturing traffic from them.
Seriously, if you’re an ILTA member and have access to the session recordings, there is a ton of good stuff to catch from the first two days, but make that session a priority, and maybe make it a priority for anyone who accesses client data on a mobile device, or even thinks about doing so over a public WiFi network.
Then, in the afternoon, the thoughts of law firm risks weren’t at the front of my mind, but a couple of interesting things did occur to me when it comes to the risks for Litigation Support folks. In a session on soft skills, and then again in the eDiscovery Director’s Roundtable, it became clear that the work is evolving, and the necessary skills to do it successfully are as well.
Being in IT, or Lit Support can’t be a “behind the curtain” job where you don’t directly deal with people. You need to be comfortable interacting with every level of the firm, showing the value you bring above and beyond processing data, because if all you do is process data, you are easily replaced. The technology is fast approaching the place where the day to day data processing, loading, and exporting, doesn’t require a ton of technical skill. You’re going to need to be in a more consultative role. One that will require interacting and advising attorneys, clients, and users. You’ll be explaining and training, persuading, doing presentations, etc.
If you can’t do those things, a machine can replace the things you are doing. Spend some time developing those skills. Seriously.
As someone who has a background in doing training, public speaking, presentation, etc. I will add this. There are a lot of resources to help develop those skills, but none of them replace actually doing it. By all means, access those resources, look at things I’ve linked in the Training category, or Speaking tag, but find a way to do some of it for a live audience. That’s the best way to get good at it.
Follow these topics: LawFirms, LitigationSupport, Training