United States, Australia, Canada, New Zealand and United Kingdom cybersecurity authorities, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC) and United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory yesterday detailing the most exploited technology vulnerabilities from 2021. The advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities report that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide in 2021. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.
Important to note is that three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020. As the agencies note, their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.
With more than two years of a pandemic behind us, many law firms – and many other businesses, for that matter – had expected to be back to the office more fully by now. The latest variant of COVID-19 changed those plans. Now, law firms are facing the fact that they must be prepared to be flexible for the foreseeable future. Indeed, the latest geopolitical disruptions in Eastern Europe demonstrate just how deeply uncertain our world remains. In the face of myriad challenges, how can law firm administrators and IT professionals remain nimble? Let's briefly look at key aspects of accessibility, hardware, software, and data security that will help law firms maintain continual operation in the new reality.
Shortly after I signed off of work last night, I checked my smartphone for the first time in an hour or so and discovered I'd missed a call. The waiting voicemail claimed to be from Amazon customer service warning me my account had been compromised by the unauthorized purchase of a refurbished $650 iPhone 6. The purchase had been stopped, the caller said, but my Amazon account would be closed if I did not call them back at 1-866-850-3558.
The monstrous cost of cybersecurity failure is demonstrated in headlines daily:
Everyone needs to know what to do in the event of a successful cyberattack.
Law firm cybersecurity continues to evolve. This is more than just a technology issue or an added clause in the retainer agreement—it’s one of the biggest risks that law firms will face in 2019. Cybersecurity is part of doing business, and pressure from clients is causing firms to invest and focus more on cybersecurity and its concomitant risk management.
Cyberattacks have become so frequent that it is no longer a matter of whether firms will be the victim of a cyberattack, but a question of when and to what extent. This is a result of easily accessible malware and increasingly sophisticated cybercriminals. It is no longer enough to relegate cyber-risk management to the IT department, and managing that risk requires more than a general guideline on computer use. These prevalent threats are changing the entire IT ecosystem, including documents, websites, emails, servers, cloud applications and mobile devices.
In this webinar, attendees will hear from a panel of law firm professionals, information security experts and IT professionals who will discuss the current security landscape at law firms. The discussion will cover law firms' responsibility to manage cybersecurity, including risk management, potential future threats and steps firms should take today to ensure the security of their firms' and clients' data. The panel will also briefly highlight current security legislation and regulation.
During this moderated discussion, attendees will learn:
• The state of law firm data security today
• The biggest cybersecurity risks for law firms
• What to do to manage cyber risk
• How to recognize a cyberthreat
• The lawyer’s cyber standard of care
• Increasing client requirements of law firms
• How to avoid cybersecurity legal malpractice claims
Recent research has shown changes in the effectiveness of various phishing attacks.
Cofense, previously PhishMe, issued a report based on 1,400 clients in 23 industries in more than 50 countries that notes that 7.5 million phishing emails were reported in 2017 alone. But the effectiveness of phishing campaigns has shifted.
In prior research, users were most emotionally motivated to open emails that made them feel a sense of urgency, fear or opportunity. Those three emotional motivators have now been replaced with entertainment, social and reward/recognition.
If you want to know what’s happening in top cybersecurity threats right now, ask the FBI.
A recent ransomware attack against the city of Atlanta took its computers offline for over a week while city officials, along with the FBI, attempted to remedy the situation without paying the hackers $51,000 in Bitcoin.
Hackers' methods continue to evolve. That means your security must evolve.
To adequately protect your firm, you need:
We have recently been made aware of a sophisticated email phishing campaign targeting law firms and other businesses.
It's that time again — time to file your taxes early so criminals don't do it for you and steal your possible refunds. This is of special importance after the recent Equifax hack in which most Americans' personal information, including Social Security Numbers, was accessed by criminals. The most effective defense is to file your taxes early — before identity thieves have the chance to do it for you.
Did you miss our CEO Michael Kemps' recent webinar on preparing your firm for the inevitable client audit?
Fortunately, we recorded it for you.
Just after the school year commenced, Steve Bradshaw, superintendent of the Columbia Falls, Montana, schools, got a menacing text from a number he didn’t recognize. The cyber thug behind the message made a myriad of threats – including physical harm to district students and staff and releasing their personal information – unless a ransom was paid in Bitcoin. The community was thrust into a panic, and the district closed its 30 schools for three days. Was this response warranted or appropriate?