Here's a quick checklist of things you should do when your email has been compromised.
June 7, 2018 3:00 PM
May 22, 2018 12:52 PM
Recent research has shown changes in the effectiveness of various phishing attacks.
Cofense, previously PhishMe, issued a report based on 1,400 clients in 23 industries in more than 50 countries that notes that 7.5 million phishing emails were reported in 2017 alone. But the effectiveness of phishing campaigns has shifted.
In prior research, users were most emotionally motivated to open emails that made them feel a sense of urgency, fear or opportunity. Those three emotional motivators have now been replaced with entertainment, social and reward/recognition.
March 13, 2018 3:14 PM
Hackers' methods continue to evolve. That means your security must evolve.
To adequately protect your firm, you need:
Topics: firewall, Penetration Testing, Information Security, 2FA, Email Security, Mobile, Enterprise Mobility Management, Antivirus, Advanced Persistent Threats, Cybercrime, Vulnerability Testing, Hacking, Ransomware, Dual Factor Authentication, Two Factor Authentication, Biometric Authentication, Passwords, cybersecurity, phishing, whaling, Mimecast, Information Governance, Access Control, Network, Email Management, Malware, Training, Security
February 28, 2018 2:09 PM
We have recently been made aware of a sophisticated email phishing campaign targeting law firms and other businesses.
February 26, 2018 12:54 PM
It's that time again — time to file your taxes early so criminals don't do it for you and steal your possible refunds. This is of special importance after the recent Equifax hack in which most Americans' personal information, including Social Security Numbers, was accessed by criminals. The most effective defense is to file your taxes early — before identity thieves have the chance to do it for you.
May 3, 2016 4:17 PM
It's happened. You've done everything you can to defend your law firm from this day, but the hacker successfully breached your walls. Now, you're faced with encrypted files, lost confidential data, demands for money, the insertion of other forms of malware on your network or, even worse, some combination of these and/or more malicious activities or demands.
What do you do now? Who needs to know? Who are you gonna call?
Topics: Security, Training, Malware, IT Tips, Email Management, whaling, cybersecurity, Hashcat, Passwords, Hacking, phishing, Virus, Antivirus, FBI Internet Crime Complaint Center, US-CERT, IC3, Secret Service, PII, Federal Trade Commission, APTs, Cybercrime
April 5, 2016 10:41 AM
Ransomware, in layman’s terms, is designed to extort money from law firms, companies and individuals by holding their data hostage. CryptoLocker (and its variants) is a type of ransomware that infects a computer and seeks out common data files, such as pictures, music, PDFs and Word and Excel documents. It then encrypts those files so the user can’t open them, leaving the victim two choices: pay the cybercriminal or lose the data.
Need an example? Check out what happened to the Town of Discovery Bay, Calif., when its network was compromised by CryptoLocker.
Unfortunately, it only takes one wrong click to become a victim. Thus, ransomware prevention is crucial for law firms of any size holding confidential information. And what law firm isn't?
Download and use our 10 Steps to Ransomware Prevention:
A Checklist for Managing Computer Vulnerabilities to help ensure your law firm can survive a ransomware attack.
March 30, 2016 7:29 PM
One click. That's all it took. One single click.
All the law firm's data. All of it. Gone. Encrypted. Corrupted. The best you can hope for is that you get
March 22, 2016 10:01 AM
Along with ransomware, another threat — whaling — has been dominating the news lately. While phishing has been going on for years, whaling is a slight change of direction offering greater monetary rewards for successful hackers.
In our own past experience, a law firm’s bookkeeper received an innocent-looking email from the managing partner requesting that several thousand dollars be paid from a certain account. The email looked legitimate and even came from the managing partner’s email address. But, in reality, it was a spoofed email.
The attacker faked the email address, figured out who the bookkeeper was and sent them an email pretending to be the managing partner. Fortunately, the law firm had a protocol in place for the bookkeeper to contact the controller before authorizing the payment. Had that policy not been in place, the firm would have lost thousands of dollars.
March 15, 2016 3:23 PM
As the number and types of cyber-threats multiply, regularly updated security policies must be developed and additional training provided to ensure law firms' users are aware of such threats and how to avoid them. Unfortunately, there is usually a disagreement between users and IT staff about users knowledge and ability to recognize and circumvent an attack.
There is a distinct divide between what IT administrators feel about security and the impressions of a law firm’s general users. While most administrators feel users need more training to better recognize security-compromising events, i.e., email phishing attempts, many end users feel they are already able to spot when they are the victim of a sophisticated phishing attempt. It is important that the firm’s IT department and managing team are on the same page when it comes to information security and the amount of training required to support the firm’s directives and legal and ethical requirements.
March 8, 2016 4:01 PM
Wouldn't it be nice if security threats remained the same? We would only have to implement a single type of protection for each risk -- and that's that. No need for a deadbolt because the regular doorknob lock works. Car alarms were never invented because door locks worked fine. Cybercriminals couldn't shut down your network or ransom your files because you had anti-virus software installed.
Unfortunately, that is fantasyland. However, sometimes we treat our networks and endpoints as if they operate in that idealized world.
February 22, 2016 3:55 PM
UPDATE 1 MAR 2016: Our partners at Mimecast announced today at the RSA Conference that they are launching the first-ever threat protection against whaling. Learn more here.
Whaling Attack? No, it’s not the latest survivalist reality television show. It’s a potential hacking threat posing a real problem for today’s technologically driven law firms and companies. [Update 29 FEB 2016: Here are a few good, if sad, examples of whaling.]
As in reality, whales are bigger than phish. Phishing is usually conducted using shotgun-style emails sent to the masses looking for people to divulge sensitive information, like Social Security Numbers or other personally identifiable information (PII). A whaling attack, however, targets the C-suite, partners, upper management, celebrities and other individuals of high worth or influence.