
5 Tech Concepts Every Lawyer Should Know

Tech Skills Every Lawyer Should Have to Protect Their Practice

In today’s increasingly digital world, technology has become integral to the practice of law. Sarah Anderson, Cybersecurity and Artificial Intelligence Attorney and owner of SWA Law LLC and LegallyCyber.com, has highlighted five key tech concepts that every lawyer should understand to stay ahead in the game.

1. Memory Malware

Malware essentially means a file that is designed to do “bad” things within a network, often disguised, through its title, as a normal executable file that the computer would expect from its operating system (Mac/Windows). This malware, sometimes referred to as “fileless malware,” is undetectable because it lives only in the memory and uses existing operating system processes to operate, often evading most monitoring software. This means that if the malware entered the system at any time before endpoint detection/anti-virus software is installed, the software will not find or identify the presence of the malware in the memory. Rather, the sudden installation of such software can notify the bad guys that the victim knows something is wrong and prompt premature encryption.

2. Domain Controllers

These are core assets of any network, holding the keys/access to all data on the network. Every time a user tries to open a file stored on the server, the domain controller checks that user’s privileges and password before allowing that file to open. The Domain Controller stores every username and password, whether for a user with very limited network access or those with unfettered access. Cyber-criminals like their malware to find the domain controllers and harvest (steal) all credentials from each user. This means that the bad guys can log into a network as the CEO or receptionist and everyone in between because they have every password and matching username. Therefore, malware in a domain controller means that the network owner no longer controls its network – the bad guys do (and resetting the passwords will simply give the bad guys the new passwords).

3. System Logs

These are digital logs of everything happening within the operating system, including every login, error message, and application launch. Ideally, every network should retain system logs for a minimum of 90 days. However, cyber-criminals know that system logs may capture the entry and activity of their malware. Accordingly, malware is often designed to delete system logs (without any notification to IT staff) to further hide evidence of its existence.

4. Firewall Configurations

Firewalls are great. They are designed to work as a digital wall intercepting and deflecting malicious internet traffic. However, and as best said by a client, firewalls are only as useful as the configurations. This means that simply buying a $15,000.00 firewall may not provide much help. A firewall engineer needs to configure the permissions within the firewall to ensure that it best serves the specific needs of an individual network. And while it is impossible to intercept all bad activity, even with the best engineers configuring it, firewalls do also keep logs of activity, allowing professionals to potentially identify the date, time, and source of an undesired internet connection (capable of transmitting malware).

5. Memory Forensics

Memory forensics is the process of capturing a sample of the device’s running memory (RAM), which is then removed offsite and analyzed for evidence of malicious activity. If you made it through this article so far, you know that malware can evade firewalls and anti-virus/endpoint detection software, as well as erase system logs. Therefore, memory forensics is crucial for any suspected cyber incident since memory is where the sophisticated malware resides. There are open-source tools through which to perform memory captures and forensics; however, a skilled and qualified engineer is required to analyze the results. To truly identify and/or prevent a cyber incident, memory forensics is the first and most important start on the journey to recovery.

To dive deeper into these topics, check out Sarah’s On-Demand CLE course, Cybersecurity Basics for Lawyers.

 

 
