How do attacks happen?
We see two main types of attacks on law firms.
1. Ransomware (commonly known as crypto-locker): attackers lock you out of your files and systems and demand payment to get them back.
2. E-Fraud: fraudsters intercept and modify legitimate electronic payments so that the money is redirected to their accounts, or send scam requests for payment which appear to come from colleagues or clients.
What can you do to secure your law firm?
1. Separate personal and work accounts
Create different accounts for your personal and work use. Don’t use the same password at work and at home.
2. If you are suspicious of an email or website, don’t open it.
Fake emails and fake websites are the basic method cyber attackers use to trick victims. If you receive a strange and unexpected email, delete or close it. Avoid being a victim of domain impersonation.
3. Add an extra layer of security
A username and a password aren’t enough. Two-factor authentication (2FA) adds a second method of identity verification to secure your accounts.
4. Install updates when needed
Yes, you need to install those software updates. Running outdated software is risky because it is prone to security holes. Updates fix bugs and close the security flaws discovered in older versions, which keeps hackers away.
5. Patch antivirus, firewalls, and device encryption
Installing security software is always a good idea. Some products have features that automatically detect malware, viruses, fake websites and the like. This saves you from becoming a victim if you accidentally click on a link you shouldn’t.
6. Update strong passwords regularly
Be smart about passwords. A strong password must be at least 20 characters long and include numbers, letters, and various symbols. Changing passwords every 3 to 6 months is ideal. Make sure you don’t use the same password for multiple applications. Applications like Bitwarden or 1Password are secure ways to manage your passwords.
7. Secure your meetings
In some cases, vulnerabilities could have let uninvited people join private meetings. Cyber criminals join an active meeting by entering its unique Meeting ID, without needing a password or going through the Waiting Room. So always make sure you are in a secure private meeting.
8. Do not connect to any public network
When you’re using public Wi-Fi, you don’t know who set it up or who else is sharing the network. It may say it is a restaurant’s Wi-Fi, but it could be just a random guy with a laptop who is trying to steal your sensitive data. Accessing the Internet using a private Wi-Fi connection is safer than using public Wi-Fi.
9. Continue to raise awareness
Fighting cyber threats takes teamwork. Stay up to date with the latest cybersecurity news and do regular security training when embracing a remote-work lifestyle.
10. Be proactive
Have a plan for what to do if a device is lost or stolen.
Ensuring an effective defense against cybercrimes is a priority in every law firm.
As ransomware attacks are becoming more and more common, NZCS creates solutions to protect both your computers and data.
Keep your firm cyber-secure. For any questions you have, we’d be glad to help.