Everyone needs to know what to do in the event of a successful cyberattack.

Topics: Security, Training, Technology Consulting, cybersecurity, Ransomware, FBI Internet Crime Complaint Center, US-CERT, IC3, Secret Service, PII, Federal Trade Commission, Cybercrime, Publications, Articles, Information Security

Recent research has shown changes in the effectiveness of various phishing attacks.

Cofense, previously PhishMe, issued a report based on 1,400 clients in 23 industries in more than 50 countries that notes that 7.5 million phishing emails were reported in 2017 alone. But the effectiveness of phishing campaigns has shifted.

In prior research, users were most emotionally motivated to open emails that made them feel a sense of urgency, fear or opportunity. Those three emotional motivators have now been replaced with entertainment, social and reward/recognition.

Topics: Security, Training, cybersecurity, Ransomware, Hacking, phishing, Cybercrime, Email Security, Information Security

A recent ransomware attack against the city of Atlanta took its computers offline for over a week while city officials, along with the FBI, attempted to remedy the situation without paying the hackers $51,000 in Bitcoin. 

Topics: cybersecurity, Ransomware, Cybercrime, Email Security, Information Security

Topics: Security, Training, Malware, Information Governance, Email Management, Network, Access Control, Mimecast, Dual Factor Authentication, whaling, cybersecurity, Passwords, Biometric Authentication, Two Factor Authentication, Ransomware, Hacking, Advanced Persistent Threats, phishing, Antivirus, Cybercrime, Enterprise Mobility Management, Mobile, Email Security, 2FA, Information Security, Penetration Testing, Vulnerability Testing, firewall

 

Just after the school year commenced, Steve Bradshaw, superintendent of the Columbia Falls, Montana, schools got a menacing text from a number he didn’t recognize. The cyber thug behind the message made a myriad of threats – including physical harm to district students and staff and releasing their personal information – unless a ransom was paid in Bitcoin. The community was thrust into a panic, and the district closed its 30 schools for three days.  Was this response warranted or appropriate?

 

Topics: Information Governance, cybersecurity, Ransomware, Cybercrime, Information Security

Crag Bogner, one of our Systems Engineers, is quoted in this Legaltech News story about recent ransomware attacks aimed at attorneys. He previously discussed these attacks on our blog here. 

Topics: IT Tips, cybersecurity, Ransomware, Cybercrime, Information Security

At the end of each year, the organizations publishing dictionaries release terms that will be included in their next editions. Terms that would have been nonsensical just years ago become commonplace. One word has been hiding just below the surface of our everyday conversation. It is terrifying in terms of scope and mortifying in terms of transmission. I speak of the word “ransomware.”

Topics: Security, SentinelOne, cybersecurity, Ransomware, Cybercrime, Email Security, Information Security

Yesterday, shortly after our CEO Michael Kemps' article was published by the American Bar Association, the Association of Legal Administrators (ALA) released the newest issue of their magazine Legal Management. Michael has an article in it, too!

Topics: Technology Consulting, IT Tips, cybersecurity, Two Factor Authentication, Ransomware, Endpoint Protection, ALA, Cybercrime, ALA 2016, Publications, 2FA

We're excited to share that our partners at the cybersecurity firm SentinelOne have announced another innovative response to the wave of ransomware attacks law firms and other organizations are facing: a Ransomware Cyber Guarantee.  

 

Your law firm must plug the security holes remaining in your network. Anti-virus software is no longer enough. 

 

You need next-generation endpoint security.

Topics: Security, Technology Consulting, IT Tips, SentinelOne, cybersecurity, Ransomware, Cybercrime

Our partners at the cybersecurity firm SentinelOne have shared the below blog post on recent security problems with Pokémon GO. Remember to ensure your devices are secure from all threats, including those hidden within apps.

 

The past week has evoked an unfamiliar sight in many of the country’s public areas: Hundreds of young adults—heads down, eyes glued to their phones—wandering through public parks in search of Pokémon. In many ways, Pokémon GO represents a seismic societal shift. No other game has really captured the potential of augmented reality in a way that’s really seized the public imagination. By the same token, another seismic shift has opened up—a whole lot of people are suddenly getting an unpleasant education on the dangers of mobile malware, account privacy exposure, and GPS hacking.

Topics: Security, Malware, Technology Consulting, IT Tips, SentinelOne, cybersecurity, Ransomware, Endpoint Protection, Pokémon GO, Cybercrime, Mobile

The frequency and intensity of malware attacks only continues to increase. The increase seems especially concentrated among those in the banking, financial services, health care, legal (and here and here) and governmental sectors.

Topics: Security, Malware, IT Tips, cybersecurity, Ransomware, FBI Internet Crime Complaint Center, US-CERT, Cybercrime

Topics: Security, Training, Malware, IT Tips, Webinars, whaling, cybersecurity, Passwords, Ransomware, Hacking, phishing, Virus, Antivirus, Endpoint Protection, APTs

One click. That's all it took. One single click.

All the law firm's data. All of it. Gone. Encrypted. Corrupted. The best you can hope for is that you get

Topics: Security, Training, Malware, IT Tips, Webinars, whaling, cybersecurity, Passwords, Ransomware, Hacking, phishing, Virus, Antivirus, Endpoint Protection, APTs

Along with ransomware, another threat — whaling — has been dominating the news lately. While phishing has been going on for years, whaling is a slight change of direction offering greater monetary rewards for successful hackers.

In our own past experience, a law firm’s bookkeeper received an innocent-looking email from the managing partner requesting that several thousand dollars be paid from a certain account. The email looked legitimate and even came from the managing partner’s email address. But, in reality, it was a spoofed email.

The attacker faked the email address, figured out who the bookkeeper was and sent them an email pretending to be the managing partner. Fortunately, the law firm had a protocol in place for the bookkeeper to contact the controller before authorizing the payment. Had that policy not been in place, the firm would have lost thousands of dollars. 

Topics: Security, Malware, IT Tips, whaling, cybersecurity, Ransomware, Hacking, phishing, Endpoint Protection

As the number and types of cyber-threats multiply, regularly updated security policies must be developed and additional training provided to ensure law firms' users are aware of such threats and how to avoid them. Unfortunately, there is usually a disagreement between users and IT staff about users knowledge and ability to recognize and circumvent an attack.

There is a distinct divide between what IT administrators feel about security and the impressions of a law firm’s general users. While most administrators feel users need more training to better recognize security-compromising events, i.e., email phishing attempts, many end users feel they are already able to spot when they are the victim of a sophisticated phishing attempt. It is important that the firm’s IT department and managing team are on the same page when it comes to information security and the amount of training required to support the firm’s directives and legal and ethical requirements.

Topics: Security, Malware, IT Tips, Network, whaling, cybersecurity, Ransomware, phishing