As the tech industry evolves — enterprise systems moving into the cloud, entire workforces performing their duties from home, stricter privacy regulations — so does the array of threats facing businesses and their users. Phishing attacks in particular have skyrocketed this year, with users isolated from colleagues and IT teams logging on over home Wi-Fi networks.
Some cyberthreats, like phishing, pose a threat to all tech organizations, while some industries are uniquely vulnerable to (or favorite targets of) specific types of attack. Legal tech companies working on e-discovery, for example, handle extremely sensitive data on behalf of lawyers’ clients.
To get a quick pulse of the current cybersecurity landscape, we asked leaders across five local companies to sum up the threats they’re tracking in a single phrase — and then explain how their organization is tackling them.
Breaches of sensitive client data
"Lawyers work with some of the most sensitive information — financial statements, medical records, confidential emails, M&A plans and calendars that reveal the whereabouts, patterns and behaviors in people’s private lives. But when that data becomes part of the discovery process it enters a chaotic pipeline, passing between lawyers, service providers and opposing counsel. Any one link in that chain can lead to a data leak or privacy violation.
Data breaches and other cyber attacks against law firms are on the rise, making security an existential issue for legal teams. It’s critical that security is foundational to law establishments to ensure trust in the processes, lawyers and clientele. As a result, Everlaw’s technology is built on the cloud, which means users don’t have to sacrifice speed for security. We’ve also achieved the highest security certifications, in addition to a FedRAMP Full Authority to Operate, which allows the Department of Justice to securely use Everlaw’s platform for ediscovery, collaboration and document review for litigation and investigations."
AJ Shankar is CEO and Founder of Everlaw, a legal technology platform.
Social engineering in a remote environment
"Social engineering will always remain a threat to organizations, with training as only one aspect to its mitigation. This is especially so in our current work-from-home environment, when communication is no longer face-to-face but largely over email and Slack, making the attack surface much larger.
Chorus takes security seriously because we understand how customer conversations are the most valuable assets for business. With the shift to remote work, these private conversations have left the conference room and now take place in the homes of revenue teams worldwide. Regardless of location, we treat every interaction with the utmost care, providing enterprise-level security standards for everyone. Our platform is built on the highest standards of compliance, with security baked in from the development process all the way to how we onboard new reps and continue company-wide education."
Russell Levy is CTO at Chorus.ai, which creates sales call analysis technology.
Centralized visibility and management
"One of the key challenges is having centralized visibility and management of our applications, systems and infrastructure. Workato has implemented automation across applications, systems and infrastructure to provide centralized visibility, automated management and alerting. Workato has automated the onboarding and offboarding of personnel, endpoint device management, alerting and notifying on activity that is out of policy or suspicious and automatically taking preventative action."
Jayesh Shah is VP of Global Solutions Consulting, Operations and Customer Success at Workato, a workflow automation platform.
"Phishing attacks can come in any shape or form. With everyone working from home, they are on the rise. It’s most important to make sure the team is vigilant and aware, which we do by running regular, unannounced phishing tests. We also require two-factor authentication, install the Password Alert Chrome extension, and leverage the protections available through Google Workspaces."
Troy Astorino is CTO and Co-Founder at PicnicHealth, a digital medical records solution.
Vulnerable cloud and remote endpoints
"We maintain a foolproof system to counter these threats through a few simple practices. To counter remote worker endpoint security threats, we limit threats with the use of tools like Microsoft Intune, Azure’s conditional access security. We also revoked administrative rights, which is estimated to reduce about 65 percent of all critical vulnerabilities. It is also necessary to educate users, and we do that through training processes and creating a general culture of high alertness against attacks. Lastly, we ensure latest device updates with all the latest vulnerability patches to prevent DDoS, cross-site scripting attacks with the help of cloud-managed gateways and web application firewall (WAF) protection features.
To deal with cloud vulnerabilities, we use high-level advance encryption methodology and maintain a strong CIA framework adherence policy. Furthermore, Jade Global assesses its own infra security controls and ratings regularly, with the help of third-party risk assessment vendors."
Suyog Deshmukh is Global IT Infrastructure Manager at Jade Global, an IT consultancy.