Episode 40 is a great conversation with Matthew Holland, CEO of Field Effect Software, a cyber security company providing tools and managed detect and response (MDR) services to protect against cyber attacks.
Field Effect is Matthew’s second company. In 2007 he founded Linchpin Labs, a company that offered ethical privatized intelligence to governments and companies.
Matt started his cyber security career with an internship at Canada’s Communications Security Establishment (CSE). Canada’s CSE is similar to the NSA in the United States. The CSE ultimately brought Matt into the Tailored Access Operations group to gather signals intelligence (intelligence from communications and information systems).
Matt explains why law firms and legal departments are prime targets for hacking. He thinks of law firms and legal departments as “the formalization of relationships between businesses and people and the documents, the communications around all those resources.” And, in those documents and communications, is the type of very sensitive information hackers hunt for. That is why law firm data security is key.
Matthew also discusses cyber security best practices for law firms and corporate legal departments (cyber security best practices for all businesses, really).
Matthew’s first and foremost suggestion to prevent against cyber attacks? Education. The majority of cyber incidents have a root cause in human error and cyber security education goes a long way. He also suggests the use of multifactor authentication (MFA), VPNs (virtual private networks) and password managers.
He also explains that an organization’s first step in implementing a cybersecurity policy or program is to designate a point person and figure out what kind of budget is available. Once a budget is known, organizations can then start to figure out the best approach to cyber security (what software to use and whether security efforts should be handled in-house or outsourced, like an MDR solution).