Montana Lawyer August/September 2024
RISK MANAGEMENT
Why It’s Imperative to Maintain a Strong Cybersecurity Posture Even Though It’s a Pain.
MARK BASSINGTHWAIGHTE, ESQ.
My cyber security awareness training never stops; and even though much of it is self-inflicted I often feel like I’m still losing ground. In fact, today I’m thinking that selling everything I have, disconnecting from the wired world, and moving to some remote island where I could live out my life running a small tapas stand near a beach might be the way to go. I suspect more than a few of you feel similarly from time to time.

What got me going today was continuing to read up on the recent MGM Resort ransomware attack, which appears to have been quite sophisticated and yet so frustratingly easy to execute. If you’re curious as to how it all went down, it was a cross-tenant impersonation attack. Yes, I know. What the heck is that, am I right? Here’s the crazy part, this devastating attack started with a quick call to the company’s IT help desk with a password reset request. To pull that off, all the hacker needed to know was an employee name, ID number, and date of birth, all of which were easily obtainable.

Of course, my day was just getting started. While I’ve been talking about caller ID spoofing for quite some time, today I’ve learned how widely available services such as SpoofCard actually are. Now, for a fee, anyone can quickly and easily change their caller ID, change the sound of their voice, and even change the background noise of the call. That’s certainly not good news; and my learning didn’t stop there. Attackers are now using powerful AI tools to clone victims’ voices. What about those banks, credit card companies, and corporations that rely on voice-based authentication systems? They’ve got a new problem to deal with, and so do the rest of us. If you think your bank account or other types of accounts can’t be breached or think a member of your staff can’t be fooled, think again. All a hacker needs to do is call you or anyone at your office under the guise of being a prospective client, press record and they’re well on their way.

As a risk manager, I also take quite a few calls, year after year. Today I wanted to share one that has stuck with me for a while, because it involves a common theme behind a number of the cyberbreach calls I take. Here is the gist of it.

Upon arriving at their office one morning, a couple of lawyers discovered their firm had been broken into. Three laptops containing all kinds of client information were on the list of items taken. The first question asked of me was “what should we do now?” It was a legitimate question and one deserving of an answer; but I needed to know more. That was when I learned the laptops were not password protected, were not encrypted, and contained no laptop tracking software. In response, I shared that the only thing that could be done now was to take whatever steps they could to prevent anyone from using the stolen hardware to break into the firm’s network. They should also file a claim with their cyber insurance carrier and notify all clients impacted by the theft. Beyond that, everyone was going to have to live with the reality that the data on those laptops was in someone else’s hands, and may in fact, eventually fall into the hands of others, none of whom will have the firm’s or the firm’s clients’ best interests at heart.

Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1,200 law firm risk management assessment visits, presented over 400 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. He is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School