What We Do
How we do it
Jan 13, 2022
GootLoader Hackers Are Compromising Employees of Law and Accounting Firms, Warns eSentire
GootLoader Gang Launches Wide-Spread Cyberattacks Enticing Legal and Accounting Employees to Download Malware eSentire, the industry’s leading Managed Detection and Response (MDR) cybersecurity provider, is warning law and accounting firms of a wide-spread GootLoader hacker campaign. In the past three weeks and as recently as January 6, eSentire’s threat hunters have intercepted and shut down…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Oct 28, 2021
Telarus and eSentire Expand Partnership to Safeguard Enterprises Globally Against Business Disrupting Ransomware and Zero-Day Attacks
London, UK and Sydney, Australia– Oct. 28, 2021 - eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announces the expansion of its partnership with Telarus, the largest privately-held distributor of business cloud infrastructure and contact centre services. Building on their mutual success across North America, Telarus will bring eSentire’s Managed…
Read More
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Jun 09, 2021

ABA FO498 Blog Post

Virtual Reality or the New Reality of Virtual Practice?

Speak With A Security Expert Now

The Covid-19 pandemic forced lawyers and judges to practice outside of their physical facilities, and continue professional services from their home offices. That same period was the worst on record for cyberattacks:

In response, the American Bar Association (ABA) published Formal Opinion 498 (FO498) to address practicing law outside of the traditional brick-and-mortar office environment. It reminds lawyers that while the ABA Model Rules of Professional Conduct permit virtual practice, these Rules provide minimum requirements and recommendations for virtual practice, particularly in the areas of competence, confidentiality, and supervision.

ABA FO498 is more aspirational than prescriptive. Let’s take a look at how eSentire can help you operate a secure virtual law practice in the areas of:

Managing software and hardware

In the wake of massive software and vendor exploits (SolarWinds Orion and Microsoft Exchange), FO498 reminds lawyers of their obligations to review vendor terms and conditions (T&Cs) to ensure that client confidentiality is protected. But vendor management goes beyond T&Cs. Lawyers are required to ensure these systems are up to date with service patches which are often deployed to eliminate security vulnerabilities.

Accessing client data and transferring documents

When working remotely, it’s tempting to use personal services, like email and file sharing, to quickly distribute information to clients. Of course, these services are not necessarily secure enough to meet confidentiality requirements. And even commercial systems are vulnerable, as was the case with Jones Day when hackers claimed to have accessed Jones Day client files from their file sharing service, Accellion.

In addition to the protocols noted earlier (e.g., reviewing the terms of service and any updates to those terms), lawyers must confirm that documents in virtual document and data exchange platforms are appropriately archived for later retrieval and that the service or platform is and remains secure. For example, if the lawyer is transmitting information over email, the lawyer should consider whether the information is and needs to be encrypted (both in transit and in storage). And, avoid using personal email and file sharing services.

FO498 requires that lawyers prepare for the eventuality of a data breach, with policies that include client notification. It also requires lawyers to employ data back-up systems to create resilience, and assume the likelihood of data theft or destruction with specific data breach policies. In this regard, FO498 augments 2018 Formal Opinion 483 which outlines a lawyer's obligations after an electronic data breach or cyberattack.

Virtual meeting platforms

The term, Zoombombing, joined the popular lexicon as unwanted criminals joined meetings and took over screen sharing to display pornography or hate speach. And as the firm doubled-down on security measures, the FTC investigated the firm’s claims, resulting in a rapid settlement. And it wasn’t only Zoom; Citrix and Microsoft Teams also had their issues and vulnerabilities.

Much like any other software, these systems must be updated and operating on the latest versions to prevent exposure to known vulnerabilities, and rely on controlled access (passwords and other security measures) to restrict unauthorized access. Beyond the FO498 requirements, there are a few best practices that reduce the risk of abuse:

Smart speakers, virtual assistants and other listening devices

Lawyers understand that the need to protect client confidentiality extends beyond the confines of the law firm, but think in terms of overheard conversations in elevators, public spaces or restaurants. But few consider what their smart speakers, virtual assistants or even watches are overhearing. These devices are generally used under consumer T&Cs which create risk when it comes to how these devices listen (passively or actively), what they capture, the purpose of the collected information, and how it is protected. Unless the technology is assisting the lawyer’s law practice, the lawyer should disable the listening capability of devices.

How we can help

Learn from the past to invest in the future

One lesson to learn is that tectonic events like the Covid-19 pandemic wasn’t the first event to shape security practices, and it certainly won’t be the last. Many security events can be avoided by simply adhering to basic cyber hygiene: use strong passwords, multi-factor authentication, secure WIFI and VPNs. And vendor risk can be reduced by keeping up on patching, and avoiding accessing corporate services from personal accounts. We can help.

View Most Recent Blogs

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.