How To Protect Your Law Firm From Phishing
You probably think you’re secure. There’s a popular assumption among law firms that they are safe from most cybersecurity threats – 80% of legal organizations consider their cybersecurity to be sufficient.
But is that really the case?
Just ask Jenner & Block. A law.com investigation found that they exposed the information of nearly 900 people (employees and clients) when they gave a hacker W-2 tax forms as the result of a phishing scam.
Here’s the worst part – Jenner & Block actually maintains a data privacy and cybersecurity practice, offering “counseling and litigation services to ensure the privacy and integrity of their sensitive information.”
If Jenner & Block was confident enough in their cybersecurity capabilities to actually offer it as a service, but still got fooled by a cybercriminal, what does that say about your cybersecurity?
The State Of Law Firm Cybersecurity
- Proskauer Rose: Despite calling themselves a “recognized leader in privacy and cybersecurity law,” this firm was also a victim of tax document phishing.
- DLA Piper: In 2017, this firm was successfully infected with ransomware. Despite a firm spokesman reporting that no client data was affected, the fact is that the malware still penetrated their defenses.
- Harris Beach: This firm was penetrated when a hacker broke into their email system and possibly downloaded all information stored there.
2 Simple Ways To Enhance Your Law Firm’s Cybersecurity
- Learn To Recognize Phishing
  - Watch For Overly Generic Content And Greetings: Cybercriminals will send a large batch of emails. Look for examples like “Dear valued customer.”
  - Examine The Entire From Email Address: The first part of the email address may be legitimate, but the last part might be off by a letter or may include a number in the usual domain.
  - Look For Urgency Or Demanding Actions: “You’ve won! Click here to redeem a prize,” or “We have your browser history pay now or we are telling your boss.”
  - Carefully Check All Links: Mouse over the link and see if the link’s destination matches where the email implies you will be taken.
  - Notice Misspellings, Incorrect Grammar, & Odd Phrasing: This might be a deliberate attempt to try and bypass spam filters.
  - Don’t Click On Attachments Right Away: Virus-containing attachments might have an intriguing message encouraging you to open them, such as “Here is the Schedule I promised.”
- Data Backup
  - Back up data on a regular basis (at least daily).
  - Inspect your backups to verify that they maintain their integrity.
  - Secure your backups and keep them independent from your main system.