Today started out like every speaker’s worst nightmare. I was scheduled to present at one of the first (8:30 a.m.) sessions of the day, with my colleague Laura Calloway of the Alabama State Bar Association. Our topic was entitled 60 Finance Tips in 60 Minutes.
Those of you who know me personally know I’m not much of a morning person. It’s easier for me to attend such a session when working through the night before. But given the schedule of non-stop seminars and events throughout the day, that wasn’t the most prudent strategy. So instead I opted for a wake-up call with another wake-up call 15 minutes thereafter as a safety feature. Brilliant!
My first call arrived at the precise minute, and I almost instantly fell back asleep contentedly for the best sleep of the day – that extra stolen 15 minutes. My back-up call awakened me, and my first thoughts were that I felt so much more rested. I stretched contentedly and quietly gathered my thoughts for the day. Eventually I glanced at the clock and realized that my back-up call had come not 15 minutes later, but one hour and 15 minutes later!!! I jumped out of bed like a demented Jack-in-the-Box. Every woman’s worst nightmare is to have only 30 minutes to wash, dress, and arrive somewhere. And of course every speaker’s worst nightmare is to be late to the podium.
I did a yeoman’s job of readying myself in record time. I was in the elevator when I glanced at my reflection in the brass door and realized I had not even brushed my hair. I hastily ran my hands through it. All was worth it when attendees crossed my path later in the day with words of sincere praise. Apparently no one but me could tell I was less than well groomed, and not wearing all the usual items of apparel that someone with more prep time would have on.
I attended many educational sessions throughout the rest of the day, and made my rounds once again through the exhibit hall. It’s amazing that despite having wound my way through all the aisles the day before, I managed to find software, services, and devices I had previously missed.
My “Find of the Day” in the exhibit hall was the 60" multi-media digital wall display from 3M. Officially designated Vikuiti Super Close Projection, it functions simultaneously as a white board, presentation screen, and display for DVD, and anything else you can plug in to a computer interface, and has incorporated stereo sound. It can be permanently mounted on a wall, or purchased with a cart for rolling from room to room. It is height adjustable when on the cart to easily lower to go through doorways, and raise back up for easy viewing height in a crowded room. One thing I really liked about it was the lack of wires, and the fact that there was no need to maintain any distance between a separate projector and the screen. It was all incorporated.
My favorite educational session of the day, presented by John Simek and David Reis, was entitled Information Security for Lawyers and Law Firms. You have probably read or heard that an unpatched or unprotected PC which is connected to the internet will be compromised by something nasty within 20 minutes. That fact is not scary at all compared to what was presented at this session.
Malware – Spyware – Trojans – Worms – Viruses – Scumware – Rootkits . . . OH MY!
We used to think of these things in terms of some pimply faced geek with too much time on his hands trying to prove something about his worth. Not anymore. As I have written repeatedly in this blog, the current motives are purely nefarious and economic, and the perpetrators are highly skilled and disreputable individuals. Motives include corporate espionage, identity theft, credit card fraud, and more.
There have been major inroads achieved in eliminating threats such as viruses and worms. I liken it to the role that consistent and mandatory vaccinations had in eliminating polio and other diseases. Unfortunately, new threats, such as rootkits, have increased 700% since last year. And because their very nature as stealth software enables them to virtually escape detection by morphing continually to keep ahead of detection engines, we are not likely to see a reduction or even slowing any time soon.
What was amazingly scary about the seminar was seeing how easy it was to locate and utilize ready-made tools on the internet designed to create these rootkits, worms, and other malware. They work with a simple dialog box filled with pull-down menus.
The presenters used such tools to create a rootkit right in front of our eyes in less than a minute. It surreptitiously took over the other presenter’s computer and files were copied, the system clock was deleted from the system tray, a program was deleted, and, humorously, they opened and closed the CD tray remotely. All done in minutes right before our eyes.
They emphasized that there is currently no “silver bullet” to deal with this newly evolving rootkit threat. They recommended that at least three different detection engines be used regularly to effectively detect them. If found, they mentioned that even Microsoft recommends you don’t try to cure. Instead, just reformat the hard drive, and start from scratch by reloading your operating system and all of your program software again.
Their conclusions on what it takes to secure your network properly:
1) Acknowledge that there is no silver bullet, and despite the recommendations of many consultants that you pick an all-in-one product, use several. Keep in mind that the best software keeps changing. For example, we were shown a current rating chart of anti-spyware from most effective to least effective. Spybot S & D, which at one time was the best, was at the lower end of the chart. Blacklight was one of the best. But that could change again in a few more months.
2) Properly securing your network or computer is a process, not an event. It involves people, procedures and technology. You cannot succeed by paying attention to only one or two of these factors.
3) Your firm needs a security program which identifies risks and defines the actions that will be taken in the event the risk is present.
4) You need “layered” defenses which guard your gateway to the network, as well as your internal network devices, software and data.
Many other suggestions were offered, from data segmentation to physical biometric sensors on laptops, to more complex and secure passwords. I was pleased that they mentioned what I find is often overlooked and key to any successful security measure: training and retraining for staff and attorneys and new hires.