Staying Up to Speed on Security
In the September/October 2021 issue of Law Practice Magazine, Lucian Pera suggests lawyers have an ethical duty to read the news. Why? Because in order to maintain competency in technology, lawyers need to keep up to date with the latest security threats and breaches, be aware of when your firm needs to patch or protect a vulnerability and understand best practices for cybersecurity. Following are some great resources to subscribe to or follow to keep up to date with the constantly shifting sands of cybersecurity.
Regular newspaper outlets like the News and Observer, Charlotte Observer, New York Times, Washington Post, Chicago Tribune, Wall Street Journal, LA Times, and others have options to subscribe to daily email summaries and alerts. If there is a major breach, hack, or vulnerability these newspapers will pick them up.
Bar associations and malpractice insurance carriers also often write about cybersecurity and cyberthreats, though it is not as likely that you will get notified about the latest zero-day exploit through these channels.
Getting the News to Come to You
While you could try to visit a lot of websites each day, or fill your inbox with email headline subscriptions, feed readers are the most expedient way to get the headlines all on one page and in one place. Google Reader was one of the most popular, but sadly it no longer exists. However, there are others that are going strong. One is Feedly, which has a free version and is easy to use and set up. Just add the browser extension and subscribe to a feed. Here is a tutorial article and video. Other options include Inoreader and feeder.
The Sources
You don’t need to follow each one of these sources, however, keep an eye on a few of them to make sure you don’t miss something. Many of these resources have news feeds, newsletters and even podcasts.
- Ride the Lightning
https://senseient.com/ride-the-lightning/
If you only follow one news source for keeping up to date with the latest security news, especially as it pertains to law firms, look no further than Sensei Enterprises, Inc. Ride the Lightening blog. Written by Sharon Nelson, Esq, she tirelessly contributes the latest threats and issues that lawyers should be aware of in their practice for cybersecurity and the future of law practice.
- Your IT Consultant
https://senseient.com/your-it-consultant/
You should probably follow more than one resource on cybersecurity, so if you are looking for another look no further than John Simek’s blog. John Simek is Vice President of Sensei Enterprises, Inc. and holds multiple IT and cybersecurity certifications.
- WIRED Security News
https://www.wired.com/category/security/
Popular magazine Wired has a page dedicated to security topics, including “how to” articles and unraveling some of the current threats and exploits.
- Schneier on Security
Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. In addition to the blog, he has a newsletter, books, and essays. His content is decidedly geeky, but he breaks down hacks and threats to really get at the workings of the bad actors.
- Krebs on Security
Brian Krebs worked as a reporter for The Washington Post and developed his security expertise after having his home network invaded by a Chinese hacking group. He writes about exploits, hacks, and threats in a way that non-IT people can appreciate.
- LMG Security
https://www.lmgsecurity.com/blog/
Sherri Davidoff, a frequent speaker, and author of “Data Breaches” maintains a blog that focuses on helping readers not only keep up with cybersecurity news but also explains how to apply best practices for incident response strategy and prevention.
- Ars Technica
https://arstechnica.com/information-technology/
Ars Technica is a news outlet for all things technology. While the Biz & IT category is not completely dedicated to security issues, much of the coverage is dedicated to threats and breaches.
- SANS Newsletters from the SANS Institute
https://www.sans.org/newsletters/?msc=main-nav
SANS Institute provides training and certifications to cyber professionals. They also generously share a lot of information for free including Security Policy Templates, Posters, and Cheat Sheets. They have three newsletters – NewsBites with annotated, semiweekly executive summary of the most recent and important cybersecurity news headlines, @Risk which is a weekly summary of newly discovered attack vectors with explanations on how the attacks worked, and Ouch!, a monthly security awareness newsletter designed for the common computer user.
- Security from ZDNet
https://www.zdnet.com/topic/security/
From Chrome zero-day exploits (yes, update your browser again) to the state of ransomware, the Security category from popular technology magazine ZD Net helps you follow along with the news you need to know to protect your firm.
- Threatpost
Calling themselves the “first stop for security news”, Threatpost is a long running independent source of news and analysis about the cybersecurity landscape, covering breaking news, trends and more.
- Security News from CSO
https://www.csoonline.com/news/
Global in scope “CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks.”
- State of Security
https://www.tripwire.com/state-of-security/
Tripwire’s State of Security blog is powered by a community of bloggers, including IT security professionals from around the world.
Conclusion
Comment [8] to NC RPC 1.1 Competency states: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with the technology relevant to the lawyer’s practice, engage in continuing study and education, and comply with all continuing legal education requirements to which the lawyer is subject. While there are plenty of CLE programs on technology and security to avail yourself of, self-study in the form of reading security headlines will help insure you are ahead of cybersecurity issues, instead of becoming victim of them.