We recently asked our legal technology experts for advice on enhancing law firms' cybersecurity in 2021.
Q: What trends are you seeing with law firm IT security?
A: The biggest trend I see relates to malware and phishing attacks on email systems. This threat has increased significantly since Covid struck the country last year. Most users are still working remotely and by themselves and may not have IT experts readily available to review a potentially suspicious message. End user training is key to fighting these attacks, and ongoing security education must continue with remote workers.
Topics: Malware, Technology Consulting, cybersecurity, phishing
Check out what hackers are using to trick employees into clicking fake links in emails in our partner KnowBe4's review of the Top Clicked Phishing Tests from the last quarter of 2019, shown in the infographic below.
Topics: cybersecurity, Infographic, phishing, KnowBe4
In mid-2019, we held our first online security summit bringing together legal, cybersecurity and IT professionals to discuss law firms' responsibility to manage cybersecurity, including risk management, potential future threats and steps firms should take to ensure the security of their firms' and clients' data. Our third most popular blog post from 2019 was the invitation to the summit.
Topics: Technology Consulting, IT Tips, cybersecurity, phishing, Business Continuity
Our fourth most popular blog of 2019 falls outside the strict theme of "business continuity" as it was an account of a personal phishing attack I experienced (and have experienced again since). Nonetheless, it is just these personal attacks that lead to cybersecurity breaches of larger organizations. In fact, cybercriminals are often able to reuse the credentials they discover in successful cyberattacks against individuals' personal data to access corporate and other accounts.
Topics: Technology Consulting, IT Tips, cybersecurity, phishing, Business Continuity
Shortly after I signed off of work last night, I checked my smartphone for the first time in an hour or so and discovered I'd missed a call. The waiting voicemail claimed to be from Amazon customer service warning me my account had been compromised by the unauthorized purchase of a refurbished $650 iPhone 6. The purchase had been stopped, the caller said, but my Amazon account would be closed if I did not call them back at 1-866-850-3558.
Topics: cybersecurity, phishing, Cybercrime
Here's a quick checklist of things you should do when your email has been compromised.
Topics: Email Management, cybersecurity, phishing, Email Security
Recent research has shown changes in the effectiveness of various phishing attacks.
Cofense, previously PhishMe, issued a report based on 1,400 clients in 23 industries in more than 50 countries that notes that 7.5 million phishing emails were reported in 2017 alone. But the effectiveness of phishing campaigns has shifted.
In prior research, users were most emotionally motivated to open emails that made them feel a sense of urgency, fear or opportunity. Those three emotional motivators have now been replaced with entertainment, social and reward/recognition.
Topics: Security, Training, cybersecurity, Ransomware, Hacking, phishing, Cybercrime, Email Security, Information Security
Hackers' methods continue to evolve. That means your security must evolve.
To adequately protect your firm, you need:
Topics: Security, Training, Malware, Information Governance, Email Management, Network, Access Control, Mimecast, Dual Factor Authentication, whaling, cybersecurity, Passwords, Biometric Authentication, Two Factor Authentication, Ransomware, Hacking, Advanced Persistent Threats, phishing, Antivirus, Cybercrime, Enterprise Mobility Management, Mobile, Email Security, 2FA, Information Security, Penetration Testing, Vulnerability Testing, firewall
We have recently been made aware of a sophisticated email phishing campaign targeting law firms and other businesses.
Topics: Security, Alerts, Email Management, cybersecurity, Hacking, phishing, Cybercrime, Email Security, Information Security, Identity Theft
It's that time again — time to file your taxes early so criminals don't do it for you and steal your possible refunds. This is of special importance after the recent Equifax hack in which most Americans' personal information, including Social Security Numbers, was accessed by criminals. The most effective defense is to file your taxes early — before identity thieves have the chance to do it for you.
Topics: Security, Alerts, Hacking, phishing, PII, Cybercrime, Identity Theft
It's happened. You've done everything you can to defend your law firm from this day, but the hacker successfully breached your walls. Now, you're faced with encrypted files, lost confidential data, demands for money, the insertion of other forms of malware on your network or, even worse, some combination of these and/or more malicious activities or demands.
What do you do now? Who needs to know? Who are you gonna call?
Topics: Security, Training, Malware, IT Tips, Email Management, whaling, cybersecurity, Hashcat, Passwords, Hacking, phishing, Virus, Antivirus, FBI Internet Crime Complaint Center, US-CERT, IC3, Secret Service, PII, Federal Trade Commission, APTs, Cybercrime
Ransomware, in layman’s terms, is designed to extort money from law firms, companies and individuals by holding their data hostage. CryptoLocker (and its variants) is a type of ransomware that infects a computer and seeks out common data files, such as pictures, music, PDFs and Word and Excel documents. It then encrypts those files so the user can’t open them, leaving the victim two choices: pay the cybercriminal or lose the data.
Need an example? Check out what happened to the Town of Discovery Bay, Calif., when its network was compromised by CryptoLocker.
Unfortunately, it only takes one wrong click to become a victim. Thus, ransomware prevention is crucial for law firms of any size holding confidential information. And what law firm isn't?
Download and use our 10 Steps to Ransomware Prevention: A Checklist for Managing Computer Vulnerabilities to help ensure your law firm can survive a ransomware attack.
Topics: Security, Training, Malware, IT Tips, Webinars, whaling, cybersecurity, Passwords, Ransomware, Hacking, phishing, Virus, Antivirus, Endpoint Protection, APTs
One click. That's all it took. One single click.
All the law firm's data. All of it. Gone. Encrypted. Corrupted. The best you can hope for is that you get
Topics: Security, Training, Malware, IT Tips, Webinars, whaling, cybersecurity, Passwords, Ransomware, Hacking, phishing, Virus, Antivirus, Endpoint Protection, APTs
Along with ransomware, another threat — whaling — has been dominating the news lately. While phishing has been going on for years, whaling is a slight change of direction offering greater monetary rewards for successful hackers.
In our own past experience, a law firm’s bookkeeper received an innocent-looking email from the managing partner requesting that several thousand dollars be paid from a certain account. The email looked legitimate and even came from the managing partner’s email address. But, in reality, it was a spoofed email.
The attacker faked the email address, figured out who the bookkeeper was and sent them an email pretending to be the managing partner. Fortunately, the law firm had a protocol in place for the bookkeeper to contact the controller before authorizing the payment. Had that policy not been in place, the firm would have lost thousands of dollars.
Topics: Security, Malware, IT Tips, whaling, cybersecurity, Ransomware, Hacking, phishing, Endpoint Protection