Ethical Risks & the Human Element of Information Security: Insiders and Social Engineering

Cyber security is often viewed as a technological field. Despite this, study after study has found that criminal hackers' often low-tech "social engineering" attacks, malicious insiders, and even simple human error are the initial cause of the majority of data breaches and other security incidents. How do these attacks work? And what can you do to safeguard your clients and your practice?

Attorneys can also be held responsible for security incidents as a result of 2012 amendments to the American Bar Association's Model Rules of Professional Conduct. These changes address the increasing use of technology in legal practice and the ongoing need to safeguard client and firm data.

Attorney and information security consultant Scott Aurnou will discuss the amended Rules and the basic steps needed to comply with them, including measures to secure confidential client and e-discovery information. He will provide a background of how electronic data and system access can be at risk from both external and internal attacks (as well as mistakes), outline methods used by attackers, and highlight key steps needed to mitigate risks facing law firms and organizations of all sizes.

Learning Objectives:

1. Learn about ethical obligations under the ABA Model Rules pertaining to attorney competence, technology, and behavior-based security issues
2. Identify and understand social engineering techniques
3. Understand the types of human error that can place an organization at risk
4. Examine the risk presented by malicious insiders
5. Understand effective measures that can be taken to mitigate the effect of human error, insider, and social engineering attacks