A cybersecurity panel discussion offered some tips and many warnings, Fennemore Craig, Phoenix, Ariz., May 14, 2015.

A cybersecurity panel discussion offered some tips and many warnings, Fennemore Craig, Phoenix, Ariz., May 14, 2015.

How concerned should we be about the sorry results that may befall us if we suffer a cybersecurity breach?

However bad you think things could be, they’re probably going to be worse.

That’s the challenging takeaway I got from a panel discussion on cyber due diligence. It was hosted at Fennemore Craig on May 14, and it included speakers from the firm, prosecutors’ offices, and security firm Kroll.

(The June issue of Arizona Attorney Magazine contains some practical takeaways on cybersecurity preparedness. Read the complete article by attorney Paul Stoller.)

At the Fennemore event, FBI Special Agent Martin Hellmer urged attendees to consider whether their computers housing sensitive data must even “touch the Internet.” Instead, he said, “air-gapped” computers may fill your needs.

“Threats are very real and everywhere,” he said. “Chances are, if your computers are regularly on the Net, and even if you’re regularly patched, you’ve probably been hacked.”

Generations of FBI-watchers hearken back to their work tracking down bank-robbers. But Hellmer said times have changed.

“It’s a great time to be a criminal in the cyberworld. Why someone would walk into a bank today with a note and a gun, I don’t know. Instead, you could sit in the comfort of your own home and steal millions of dollars from someone on the other side of the world.”

Cybersecurity panel at Fennemore Craig, May 14, 2015, L to R: Jim Knapp, U.S. Attorney's Office; Jonathan Fairtlough, Kroll; Sarah Strunk, Fennemore Craig; Martin Hellmer, FBI; and Melvin Glapion, Kroll.

Cybersecurity panel at Fennemore Craig, May 14, 2015, L to R: Jim Knapp, U.S. Attorney’s Office; Jonathan Fairtlough, Kroll; Sarah Strunk, Fennemore Craig; Martin Hellmer, FBI; and Melvin Glapion, Kroll.

Jonathan Fairtlough of Kroll described the “common vulnerabilities and exploits”—“CVEs”—that are most often seen. They include ransomware, spearfish attacks, and “social engineering”—that is, calling customer service and claiming you “can’t find your password”; it works more often than companies like to admit.

Fairtlough added that last year’s large-scale data breaches involved ransom demands seeking bitcoin.

Kroll’s Melvin Glapion reitereated that “Every cyber problem is a human problem.” In fact, 80 percent of breaches include some form of insider (including vendors and consultants). Given that, companies must ask, “Who are we locking inside the gate?”

Another problem may arise via the BYOD movement—which urges companies to allow employees to bring their own device and to use those multiple devices to connect to company servers.

Glapion told the story of a director and screenwriter for Twilight series who refused to be on Sony Pictures’ computer system, opting instead to use their own device. That gap in security, plus a successful phishing expedition, was all that hackers needed to get access to daily updates of scenes during shooting, and even multiple versions of screenplays.

Fortunately, Glapion said, the hacking was done not by criminals with evil intent, but by fans who were obsessed with actor Robert Pattinson (and who hated his co-star Kristen Stewart).

“Those teen girls had the keys to the kingdom,” Glapion said. And your system may be just as exposed.

Also on the panel were Jim Knapp of the U.S. Attorney’s Office. He—like Kroll representatives—urged companies that had been hacked to contact the authorities.

Knapp said, “You do NOT lose control of your case if you call the feds.” Because the company is a victim, the prosecutors will keep you apprised of every step.

The prosecutor also suggested all of us to use “stock false answers” to those multiple password questions we all face. That way, “correct” and accurate answers cannot be ferreted out by hackers examining your life via social media.

Thanks and congratulations to Fennemore Director Sarah Strunk for gathering together such a helpful panel.

Here are a few images of slides from the presentation:

Cyber security Fennemore 3 presentation slideCyber security Fennemore 4 presentation slide

Tomorrow, law firm Fennemore Craig, among others, will be honored for its commitment to improving the numbers of women lawyers in its leadership positions.

Pictured: Five of the Fennemore Craig women equity partners (and their office locations), L to R: Amanda Cowley (Las Vegas), Sarah Strunk (Phoenix), Laurel Davis (Las Vegas), Ann Morgan (Reno), Jodi Goodheart (Las Vegas), Sue Chetlin (Phoenix)

In the October Arizona Attorney, we are running a small item about the Women in Law Empowerment Forum (WILEF) awards. We noted that nine firms with Arizona offices reached the Gold Standard. However, in the state only Fennemore Craig excelled in the award’s six criteria.

Congratulations to Fennemore and all the firms that will be honored tomorrow in New York City. Here is more news from the firm on the achievement.

Women in Law Empowerment Forum recognizes firm’s commitment to women

PHOENIX  The Women in Law Empowerment Forum (WILEF) will honor Fennemore Craig for integrating women into leadership positions at its Gold Standard Awards Luncheon September 12 at the Yale Club in New York City. Twenty-six percent of the equity partners are women across Fennemore Craig’s six offices in Arizona, Colorado and Nevada.

According to Elizabeth Anne Tursi, national chair of WILEF, Fennemore Craig is one of three of nationwide certification winners that met or exceeded all six criteria set by WILEF. There were a total of 50 firms that received the Gold Standard Certification.

Half of the committee members responsible for managing Fennemore Craig are female partners, bypassing the 20 percent award criteria established by WILEF. Additionally over a quarter of the firm’s equity partners and department heads are women.

Firms of 100 or more lawyers in the United States are invited to apply for the Gold Standard certification. Law firms must meet three of the six specific criteria to become eligible for the award. Applicants are required to demonstrate that women account for at least 20 percent of the firm’s equity partnership and show that they hold positions of power and serve on committees.

Sarah Strunk

“At Fennemore Craig, we work actively to develop, recruit, and retain a diverse group of attorneys,” said Sarah Strunk, director and management committee member at Fennemore Craig.  She adds, “The firm devotes substantial time and resources to developing talent and leadership in all of its attorneys and is committed to maintaining gender equity in the ranks of its attorneys. We are honored to receive the 2012 WILEF Gold Standard Certification.” Strunk will accept the award for the firm in New York on September 12.