IICLE® gratefully acknowledges this sponsored content, provided by Lakeview Networks LLC.
Defending Your Firm Against Cybercrime
Many clients who seek counsel find the whole legal process overwhelming. They don’t understand their role in a successful outcome because they don’t know the law. Business owners are no different. They excel at providing their product or service, but struggle to find the best providers at the best price to meet their unique business needs. Law firms face the same challenges. If you have a niece who is a CPA, you have that covered. If a neighbor is an insurance agent, then you know someone whom you can trust. But all businesses find IT and network security hard to understand because it changes constantly. It does not help that the diversity of components in the IT infrastructure is vast, with new solutions being developed every day. It is the goal of this series of articles to give you the information you need so that you can make wise technology buying decisions for your firm.
According to industry experts, last year cybercriminals exposed 2.8 billion consumer data records to attack. These breaches cost United States organizations more than $654 billion. When an organization loses its customers’ sensitive information, the most common types of data lost are dates of birth, social security numbers, names with addresses, personal health information, banking information, and e-mail addresses. This can happen to any organization, but 48 percent of the victims are in the healthcare sector. The next most vulnerable group, at 20 percent, was financial services and local governments. These are the most victimized industries, but really every entity is at risk.
Less than 1 percent of cybercrimes lead to prosecution due to the difficulty in tracking down online hackers who can be anywhere in the world. This low success rate underscores the challenges faced by law enforcement to identify criminals and bring them to justice. Industry experts have long warned that these types of crimes would overtake traditional theft due to the low risk and high reward to the criminals who launch these attacks. One of the costliest kinds of attacks involves ransomware. Last month this type of attack cost Lake City, Florida, over $460,000 in ransom that its insurer paid. However, 100 years’ worth of digitized municipal records have not all been recovered and may never be found. But there are important steps you can take to protect your practice from this threat. We all need to be aware of these threats and take action to protect our companies.
First, update your software applications regularly. Those Microsoft Windows updates that are available for download, often weekly, are more than improvements to programs like Word and Excel. Most often they are security updates you need to stay protected. Malware that is the source of a ransomware attack relies on old, well-known weaknesses that have already been “patched” by a Microsoft Security update. Even if your computer person set your computer to automatically accept updates when they are available, it is still possible that they didn’t all install completely on your computer. You have to be connected to the Internet to receive those patches, and if you left for court in the middle of a download and turned your computer off, the patch didn’t completely install. Also, Microsoft support for Windows Server 2008 and Windows 7 is coming to an end in December 2019. Since Microsoft is not supporting those versions of its products at the end of this year, it means they will no longer protect your computers with security updates. For the security of your firm’s information, consider moving to Office 365, which is a subscription-based version of Windows as a cloud-based product with a carrier-managed firewall on your Internet connection.
Next, back up your data, accounting records, case files — everything you need to run your practice. This should be done daily, and there are a variety of cloud-based solutions available. In the event you do suffer a ransomware attack, your loss would be minimal as you would already have the important information you need to work with your clients and protect your practice. One of the most important pieces of information is your accounts receivable aged invoice report. If your office building itself suffered a catastrophic loss like fire, you would be able to go to your bank and get a line of credit to rebuild because in that one report you would have who your clients are and what monies you could expect from them to stay in business. Get competitive quotes from several cloud providers so that you get the best off-site cloud storage solution for your practice. Many providers include firewalls and other software and hardware protection measures as part of their offering.
Always be careful of what websites you visit. Cybercriminals set up “honeypot” sites that seem harmless to users but then infect your computer with malware. Online gambling sites, celebrity search sites, and pornography sites are notorious havens for this kind of risk. In 2006, I was a technical trainer working for AT&T in support of their new product U-Verse. The purpose of the training was to teach the union phone technicians how to install U-Verse and configure it on customers’ computers. We had an open lab where the technicians could bring in their own personal computers too. One of them had a computer that was so infected with malware it almost wasn’t working anymore. Wiping the complete Windows operating system off the computer was not an option as it was the only place he had all the pictures of his children that were stored digitally. It took us almost a week to clean the computer up. He had never updated Windows, and we had it running 24/7 loading the updates. In the end we had to manually load the final Windows security patches as the malware kept blocking our attempts when his computer was connected to the Internet. The first thing he did once his computer was clean was to save his family pictures on a cloud storage service.
Finally, be careful of e-mails you receive that seem off in some hard-to-describe way. Consider any e-mailed link to be highly suspect. Confirm the validity of the sender and the content before you click and accidentally download malware onto your computer and trigger a ransomware attack. E-mail addresses can be easily spoofed by hackers, so look closely at the domain in the sender’s e-mail address. The domain is the part after the @ sign and should be from someone you know and trust. I would recommend calling the sender if you are unsure. A well-known client of ours had their CFO fall for one of these bogus e-mails, and when he clicked on the link in an e-mail they were breached. Not only was their bank account information in danger, but now the hackers had every one of their 10,000-plus clients’ and vendors’ e-mail addresses. I got some really sophisticated e-mails for weeks that looked just like legitimate DocuSign e-mails, complete with the link to get what looked like secure files but was really a malware download. I would recommend having a third-party provider scan your network, if not quarterly, at least once a year. Often malware is lying in wait on your computer as the hacker waits for an opportune time to launch an attack, like when you are doing large bank transactions.
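For readers who have IT support, the sender-domain check described above can be automated. The sketch below is an added example, not part of the original article or any product it mentions; the allow-list, the sample headers, and the function names `assess_sender` and `edit_distance` are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: replace with the domains your firm really deals with.
TRUSTED = {"docusign.net", "examplebank.com", "examplefirm.com"}

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_sender(from_header, trusted=TRUSTED):
    """Classify a From: header by the domain after the @ sign."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # 1. Exact trusted domain, or a genuine subdomain of one.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted-domain"
    for t in trusted:
        # 2. Trusted name used as a prefix of someone else's domain,
        #    or a near-miss spelling (one or two characters off).
        if (t + ".") in domain or edit_distance(domain, t) <= 2:
            return "lookalike"
    for t in trusted:
        # 3. Display name claims a trusted brand, but the address does not.
        if t.split(".")[0] in display.lower():
            return "display-name-mismatch"
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    'DocuSign <dse@docusign.net>',
    '"DocuSign" <dse@docusing.net>',
    'Accounts <billing@docusign.net.secure-files.example>',
    '"DocuSign Secure Files" <notify@mail-delivery.example>',
    'someone@unrelated.example',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{assess_sender(header):22} {header}")
```

A `trusted-domain` result only means the visible address matches the allow-list; because that address can itself be spoofed, the phone call to the sender is still the deciding check.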
It is easy to see how vulnerable your firm is in this digital landscape. It is unhealthy to live under a cloud of constant paranoia. However, taking first steps today to protect your information is important. Healthy self-awareness of the risks will ensure your data, case records, client files and accounting records are secure to support your firm’s longevity.
SPONSORED CONTENT DISCLAIMER: Please note that this article was provided by a sponsor of the Illinois Institute for Continuing Legal Education. The views expressed in this article are those of the author and do not necessarily reflect those of the Institute.
For more information about cybersecurity, see BUSINESS LAW: MISCELLANEOUS OPERATING ISSUES — 2017 EDITION. Online Library subscribers can view it for free. If you don’t currently subscribe to the Online Library, visit www.iicle.com/subscriptions.