United States, Australia, Canada, New Zealand and United Kingdom cybersecurity authorities, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC) and United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory yesterday detailing the most exploited technology vulnerabilities from 2021. The advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities report that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide in 2021. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.

Important to note is that three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020. As the agencies note, their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.

Topics: cybersecurity, Cybercrime, Patching

With more than two years of a pandemic behind us, many law firms – and many other businesses, for that matter – had expected to be back to the office more fully by now. The latest variant of COVID-19 changed those plans. Now, law firms are facing the fact that they must be prepared to be flexible for the foreseeable future. Indeed, the latest geopolitical disruptions in Eastern Europe demonstrate just how deeply uncertain our world remains. In the face of myriad challenges, how can law firm administrators and IT professionals remain nimble? Let's briefly look at key aspects of accessibility, hardware, software, and data security that will help law firms maintain continual operation in the new reality.

Topics: Technology Consulting, cybersecurity, Cybercrime, COVID-19, Work from Home

Shortly after I signed off of work last night, I checked my smartphone for the first time in an hour or so and discovered I'd missed a call. The waiting voicemail claimed to be from Amazon customer service warning me my account had been compromised by the unauthorized purchase of a refurbished $650 iPhone 6. The purchase had been stopped, the caller said, but my Amazon account would be closed if I did not call them back at 1-866-850-3558. 

Topics: cybersecurity, phishing, Cybercrime

The monstrous cost of cybersecurity failure is demonstrated in headlines daily:

Topics: cybersecurity, Cybercrime, End of Life

It happens so innocently: an employee logs into email, sees a message that his password needs to be updated in Outlook and clicks on the link provided. But the email wasn’t generated by Microsoft, it was sent from a cybercriminal who had an email address that looked legitimate. Suddenly, an attack has been launched on your employee and your firm.

The time is now to better understand your firm’s weaknesses. What systems are vulnerable? How can you best secure the environment? How can you best secure data stored in the cloud? How can you best secure on-premises infrastructure? How do you secure your firm’s general computing environment?

Our article “The Top 6 Penetration Testing Fails” will help you answer these extremely tough questions.

We'd love to share advice on enhancing your firm's cybersecurity. Call us at 1-800-541-0450 or email us at sales@innovativecomp.com to get started. 

 

Topics: cybersecurity, Cybercrime, Articles, Information Security, Penetration Testing

Everyone needs to know what to do in the event of a successful cyberattack.

Topics: Security, Training, Technology Consulting, cybersecurity, Ransomware, FBI Internet Crime Complaint Center, US-CERT, IC3, Secret Service, PII, Federal Trade Commission, Cybercrime, Publications, Articles, Information Security

Law firm cybersecurity continues to evolve. This is more than just a technology issue or an added clause in the retainer agreement—it’s one of the biggest risks that law firms will face in 2019. Cybersecurity is part of doing business, and pressure from clients is causing firms to invest and focus more on cybersecurity and its concomitant risk management.

Cyberattacks have become so frequent that it is no longer a matter of whether firms will be the victim of a cyberattack, but a question of when and to what extent. This is a result of easily accessible malware and increasingly sophisticated cybercriminals. It is no longer enough to relegate cyber-risk management to the IT department and it requires more than a general guideline on computer use. These prevalent threats are changing the entire IT ecosystem, including documents, websites, emails, servers, cloud applications and mobile devices.

In this webinar, attendees will hear from a panel of law firm professionals, information security experts and IT professionals who will discuss the current security landscape at law firms. The discussion will cover law firms' responsibility to manage cybersecurity, including risk management, potential future threats and steps firms should take today to ensure the security of their firms' and clients' data. The panel will also briefly highlight current security legislation and regulation highlights.

During this moderated discussion, attendees will learn:

• The state of law firm data security today
• The biggest cybersecurity risks for law firms
• What to do to manage cyber risk
• How to recognize a cyberthreat 
• The lawyer’s cyber standard of care
• Increasing client requirements of law firms 
• How to avoid cybersecurity legal malpractice claims

Topics: Webinars, cybersecurity, Cybercrime, Information Security, David Lam, Michael Kemps, Citadel Information Group

Recent research has shown changes in the effectiveness of various phishing attacks.

Cofense, previously PhishMe, issued a report based on 1,400 clients in 23 industries in more than 50 countries that notes that 7.5 million phishing emails were reported in 2017 alone. But the effectiveness of phishing campaigns has shifted.

In prior research, users were most emotionally motivated to open emails that made them feel a sense of urgency, fear or opportunity. Those three emotional motivators have now been replaced with entertainment, social and reward/recognition.

Topics: Security, Training, cybersecurity, Ransomware, Hacking, phishing, Cybercrime, Email Security, Information Security

If you want to know what’s happening in top cybersecurity threats right now, ask the FBI.

Topics: cybersecurity, Cybercrime

A recent ransomware attack against the city of Atlanta took its computers offline for over a week while city officials, along with the FBI, attempted to remedy the situation without paying the hackers $51,000 in Bitcoin. 

Topics: cybersecurity, Ransomware, Cybercrime, Email Security, Information Security

Topics: Security, Training, Malware, Information Governance, Email Management, Network, Access Control, Mimecast, Dual Factor Authentication, whaling, cybersecurity, Passwords, Biometric Authentication, Two Factor Authentication, Ransomware, Hacking, Advanced Persistent Threats, phishing, Antivirus, Cybercrime, Enterprise Mobility Management, Mobile, Email Security, 2FA, Information Security, Penetration Testing, Vulnerability Testing, firewall

We have recently been made aware of a sophisticated email phishing campaign targeting law firms and other businesses. 

Topics: Security, Alerts, Email Management, cybersecurity, Hacking, phishing, Cybercrime, Email Security, Information Security, Identity Theft

It's that time again — time to file your taxes early so criminals don't do it for you and steal your possible refunds. This is of special importance after the recent Equifax hack in which most Americans' personal information, including Social Security Numbers, was accessed by criminals. The most effective defense is to file your taxes early — before identity thieves have the chance to do it for you. 

Topics: Security, Alerts, Hacking, phishing, PII, Cybercrime, Identity Theft

Did you miss our CEO Michael Kemps' recent webinar on preparing your firm for the inevitable client audit?

 

Fortunately, we recorded it for you.

Topics: Webinars, cybersecurity, Cybercrime, Client Audits

 

Just after the school year commenced, Steve Bradshaw, superintendent of the Columbia Falls, Montana, schools got a menacing text from a number he didn’t recognize. The cyber thug behind the message made a myriad of threats – including physical harm to district students and staff and releasing their personal information – unless a ransom was paid in Bitcoin. The community was thrust into a panic, and the district closed its 30 schools for three days.  Was this response warranted or appropriate?

 

Topics: Information Governance, cybersecurity, Ransomware, Cybercrime, Information Security