Last week, I covered some of the reasons why cybersecurity is a real concern for law firms. Today, let’s talk about what a breach might look like in the law firm setting and the common problems your firm could encounter in the aftermath.
Online fraud, threats and security breaches on digital platforms are constantly changing, and the people behind them are constantly studying new methods to breach your security. Staying ahead of the trends could pay off the next time your firm is targeted.
Hacking is the type of event most of us think of when we hear the phrase “data breach.” Someone gains access to confidential information and extracts it, sometimes without the owner even knowing what happened. Then, they use that information to accomplish other goals, such as opening lines of credit or making stock trades based on insider info.
Hackers often take advantage of holes in software applications to gain access. In some cases, those holes are in the very software we use to protect our files, making regular updates all the more important.
As the name implies, ransomware involves a hacker installing a program (malware) that locks an attorney out of their files or their entire system. The malware can arrive through a link in a phishing email or on a website, or even from a corrupted USB drive. Ransomware is the most dramatic of cyber events – the attack is right in the user’s face, and they’re unlikely to get much work done until the problem is resolved.
Once the program takes over, it holds the system hostage until the attorney pays the ransom. In some cases, the hacker will demand a direct payment (which puts personal information at risk). In others, the hacker might require payment through a cryptocurrency like Bitcoin.
The problem is that even if the hacker relinquishes control of the computer or server, they might not actually be gone. A ransomware program can remain, lurking in the background, until more drastic steps are taken to remove it. In a recent podcast, the FBI urged victims of ransomware not to pay cyber criminals.
A sneakier development in cybercrime, digital surveillance takes a page from 1984. A hacker baits the user with an email that looks legitimate, usually asking them to log in to an official website. In the law firm setting, the target could be anyone: an associate, paralegal, or executive assistant might accidentally log in to one of these sites, which gives hackers access to anything on that person’s server.
A significant number of data breaches stem from simple mistakes. Whether it’s failing to shred essential documents or accidentally emailing the wrong person, in many ways the biggest threat to a firm’s security comes from the inside. That’s why training on data security is so important. As firms move toward using less and less paper, more confidential information is at risk of being misplaced.
Keep an eye out next week for more on law firm cybersecurity and how an operation of any size can protect its confidential data.