Cybersecurity: Some Observations from Law Enforcement

Posted by Michael TitensOn September 28, Thompson & Knight invited FBI Special Agent Nathan Hopp to address firm clients and contacts.  T&K Cyber attorney Austin Teng led a far-ranging discussion of recent trends, the latest threats, and recommended cyber defense strategies.  Here are some highlights:More often than not, the FBI learns of a breach and notifies the victim before the victim knew that a breach had taken place.  While solving a data breach case can take years and may not result in the return of any data or ransom, contacting law enforcement gives victims the greatest opportunity for justice and putting the bad guys behind bars. And speaking of ransom, the FBI generally advises against paying ransoms demanded by hackers and has seen situations where data remains encrypted even after a ransom is paid.  Also, “following the money” is rarely possible when the hackers demand bitcoin and use money mules to run the payments through multiple accounts.  Victims of ransomware attacks or other cyber crimes can report those crimes online to the FBI’s Internet Crime Complaint Center (  In addition to ransomware, law enforcement continues to see cases where hackers attempt to receive misdirected payments either by altering a target’s payroll and direct deposit information or by impersonating corporate officers.  Real estate and romance scams continue to be popular.  Hackers also leverage embarrassing photos and communications found on social media for purposes of extortion.So what should a business do to protect itself?  Some suggestions include Have an incident response plan, including who to call and what to do when an incident is discovered.Watch your internet traffic for suspicious activity, including activity to or from unexpected locations.Keep logs that reach back several months.Keep data backups.Encrypt your data.Limit the amount of personal information on company websites and social platforms.To the extent possible, maintain PII (personally identifiable information) and other sensitive data in a separate system that is not outward facing (i.e., not accessible via the Internet).Require two-factor authentication where possible, and require telephonic confirmation for outgoing wire transfers.Have a forensics expert on call and conduct penetration testing or other security exercises on an annual basis.A programming note – Thompson & Knight’s next Cybersecurity Roundtable is scheduled for November 15, when a forensics expert will explain and demonstrate the Dark Web.  For more information, please contact us.