
While many cyber-risks exist, it’s the users of the protected system who constitute the greatest danger to effective cybersecurity procedures. An overwhelming majority of cyber attacks begin when a user clicks a link they shouldn’t. How are users tricked into clicking these links?

This is accomplished through a phishing email: an email designed to look like a communication from a well-known, trusted entity (e.g., Facebook or Bank of America), which tricks the recipient into clicking the link and exposing the system to the cyber-attack. The best defense against this attack is an informed workforce, trained to remain vigilant and to recognize a scam. Here are some best practices your law firm can put in place to protect your employees and clients from these attacks.

Password Managers

Phishing sites pretend to be real entities, fooling users with nearly identical-looking sites or URLs. To avoid being tricked, train your lawyers and employees not to rely on their own judgment, but to use a password manager to check the authenticity of the site. These programs auto-fill usernames and passwords on the correct domains, but refuse to do so on an incorrect website.

Two-Factor Authentication

This form of security, also known as multi-factor authentication, requires a username and password be used in conjunction with another factor only the user possesses, like information, a token, or a device. Many law firms already require this for physical and information system access. Adding this layer to an email system further protects sensitive data, blocking unauthorized users from viewing protected data.

Employee Metadata and PII

Documents carry certain data unique to the user who created them, also known as metadata. To prevent client or employee Personally Identifiable Information (PII) from accidentally being exposed, users should be required to convert email attachments into PDFs or inspect documents in Office to remove hidden metadata.

Emails present the same threat: spymail contains code that steals embedded recipient metadata. This data can include physical location, email statistics, and sending history, which aids a phisher in creating more deceptive emails. Law firms should employ a centralized anti-spymail tool, but users can also reduce risks by stopping external content from automatically loading (e.g., preventing pictures from being displayed when the email is opened).
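To show what "external content" means in practice, the following added example (not part of the original article) scans an HTML message body for elements that would make the mail client contact a remote server when the email is opened. The sample message, the host names, and the rule that a 0x0 or 1x1 remote image counts as a tracking pixel are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes a mail client fetch a URL when the message renders.
FETCH_ATTRS = {"img": "src", "iframe": "src", "link": "href", "video": "poster"}

class RemoteContentFinder(HTMLParser):
    """Collects every element that would trigger a network request on open."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = FETCH_ATTRS.get(tag)
        if attr_name is None:
            return
        attributes = dict(attrs)
        parts = urlsplit(attributes.get(attr_name) or "")
        if not parts.netloc:
            return  # cid: and data: content travels inside the message itself
        # A 0x0 or 1x1 remote image has no visual purpose; it exists to be fetched.
        tiny = (tag == "img" and attributes.get("width") in ("0", "1")
                and attributes.get("height") in ("0", "1"))
        self.findings.append({
            "tag": tag,
            "host": parts.hostname,
            "carries_identifier": bool(parts.query),  # query string can tag the recipient
            "tracking_pixel": tiny,
        })

def find_remote_content(html):
    finder = RemoteContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample message body (not from a real email).
SAMPLE_HTML = """
<html><body>
<p>Your invoice is attached.</p>
<img src="cid:logo@firm.example" width="120" height="40">
<img src="https://track.example.net/o.gif?rid=8841" width="1" height="1">
<img src="https://cdn.example.org/banner.png" width="600" height="90">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_remote_content(SAMPLE_HTML):
        print(finding)
```

The embedded `cid:` logo is not reported because it ships inside the message; only the two remote images would reveal that the email was opened.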

Increase Awareness with Cybersecurity Training

Users form the first line of defense against phishing scams, so law firms should require training programs teaching steps their lawyers and employees can use to protect themselves and the firm. Train all users to be discerning regarding who the sender is, refusing to open emails or attachments from unknown senders. Users can compare the actual company URL the phishing email is imitating to the link provided in the email. If an email arrives with embedded or attached forms, never insert sensitive data into the form.
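The URL comparison described here, and the domain check a password manager performs before auto-filling, can both be expressed as one rule: the link's real host must be the trusted domain or a subdomain of it. The sketch below is an added example, not part of the original article; `bank.example` and the sample links are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(value):
    """Hostname of a URL or of a bare address such as 'www.bank.example/login'."""
    try:
        parsed = urlsplit(value if "://" in value else "//" + value)
        return (parsed.hostname or "").rstrip(".")
    except ValueError:
        return ""

def host_matches(host, domain):
    """Exact domain or a true subdomain of it; a lookalike never matches."""
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, trusted_domain):
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        host, reasons = host_of(href), []
        if not host_matches(host, trusted_domain):
            reasons.append("link host is not the trusted domain")
        displayed_host = host_of(text) if " " not in text else ""
        if "." in displayed_host and displayed_host != host:
            reasons.append("displayed address differs from link target")
        report.append((host, reasons))
    return report

# Constructed sample links (not from a real email).
SAMPLE = """
<a href="https://www.bank.example/statements">View statement</a>
<a href="https://www.bank.example.account-update.test/login">www.bank.example/login</a>
<a href="https://bank-example.test/verify">Verify your account</a>
"""
```

Only the first link passes; the second shows the trusted address as its text while pointing at a different host, which is the mismatch users are being trained to spot.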

Users should question any email asking for financial information, especially account update notifications, wire transfer requests, or failed transaction alerts. Threats to disable an account or reduce service support are a clear sign of a scam. In all cases contact the merchant directly, rather than responding to the email. The best defense against phishing scams is an educated workforce. Investing in cybersecurity training will reduce the risks to sensitive data and prevent costly responses to a cyber-attack.

Contact Us

Looking for more help with phishing protection? Contact us today.



Why Law Firms Need to Make Cybersecurity a Priority


Are Law Firms Prepared for Malware Attacks?

A majority of law firms are unprepared to defend against a cyber-attack, primarily because of financial limitations in their budgets and/or a fundamental lack of appreciation for the full scope of the risks they face. As most enterprises deploy some form of cyber-defense, hackers continue to target the weak link: law firms.

Consequences of Inaction

A breach in security damages a law firm’s reputation across the industry and triggers fiscal and compliance procedures that will hamper a firm’s ability to work. Additionally, the law firm will face legal proceedings in the event of data loss. In some cases, this can lead to bankruptcy. If the law firm survives, their customer base will flee, spreading the word to their peers to steer clear.

Moral Obligations

The confidentiality and privacy of client data and PII are paramount for any law firm. Lawyers bear the burden of preventing accidental or intentional disclosure of PII and other customer data. Many states have laid out clear guidelines for lawyers and their firms concerning customer privacy and confidentiality.

What Law Firms Can Do to Protect Themselves from Malware Attacks

Beyond prioritizing cyber-security and deploying adequate cyber-defense measures, law firms need to spread awareness throughout their organization. At a minimum, recommendations for cyber-security include:

  • Data encryption
  • Limited network and data access privileges
  • Multi-factor authentication
  • Multiple layers of data and network security
  • Data discovery and classification
  • Patching and software updates
  • Cyber security policy and compliance
  • Employee training and education in cyber security

Law firms also need to do business only with trusted vendors and have clear vendor cybersecurity procedures in place. Remember, a vendor breach threatens the law firm as well.

Law firms are irresistible targets for cyber-criminals. Hackers continue to innovate, creating new, more sophisticated, and creative methods to attack networks and steal sensitive and confidential information. In order to keep data safe, law firms must deploy a strong cybersecurity defense immediately.

Contact Us

Contact JDL Group today to learn more about protecting your law firm from cyber attacks.

 

