09:14 AM

How to protect your law firm against cyber attacks

You’ve read about it in the news: companies falling victim to cyber attacks. It’s easy to think these threats won’t knock on your law firm’s door, and that’s exactly what hackers want you to believe. 

At The Missouri Bar’s Solo & Smal Firm Conference earlier this month, Mark Lanterman, chief technology officer at Minneapolis-based Computer Forensic Services, presented ways individuals can protect themselves against cyber attacks. 

The most common, and most successful, cyber attack is phishing – when someone sends a fraudulent email to trick another person into revealing sensitive information that the attacker can then use maliciously. Lanterman said he has seen “a significant increase in phishing attacks against lawyers,” particularly those with solo and small firms.  

“Don’t ever think, ‘Why would any hacker come after me? I’m just a small shop here,’” Lanterman said. “They don’t care. They don’t take the time to figure out if you’re big or small or medium. They cast a wide net, so be careful before you follow instructions you receive via email.” 

The best practices to avoid phishing schemes are to always be skeptical of the emails you receive and to confirm information via phone call before acting on email requests. A phishing email may contain a sense of urgency, poor spelling and grammar, and  fabricated email addresses. It may also ask you to download a document, click a link, or provide sensitive information – like passwords and credit card information. 

If a hacker does compromise your business and gain access to sensitive information, Lanterman said, do not pay the ransom the hacker requests. When individuals pay the ransoms, they are doing two things:  

1. They are identifying themselves as victims who are willing to pay ransoms, currently and in the future. 

“Once you pay, you don’t become best buddies with these guys,” Lanterman said. “They will come back because they know you have money and you’re willing to give it to them.” 

2. They are funding cyber terrorism. 

“This money will go toward paying coders to develop cyber weapons that will be used against you, your colleagues, your associates, corporations, the government,” Lanterman said. “These weapons, these cyber-attack tools, will be used against others and they will come back to be used against you.” 

Lanterman isn’t the only one encouraging companies to not pay the ransom. The U.S. Department of Treasury warned that if companies pay ransoms – which are commonly used to spur cyber terrorism – they may face sanctions for violating the Office of Foreign Assets Control’s regulations. 

If a company experiences a cyber threat, it should work with its information technology staff to recover from ransomware attacks. These types of cyber threats are in the news constantly, and IT staff should be prepared to recover from ransomware attacks, Lanterman said. 

Jason Cecil, chief technology officer with The Missouri Bar, recommended law firms hire outside consultants, if their budgets allow, and listen to the consultants’ recommendations. If law firms can’t afford to hire outside consultants, Cecil added, he recommended enabling multi-factor authentication on every account. 

“If the feature is available to you, turn it on and use it,” he said. “It is necessary in today’s world. If your password falls into the wrong hands, this is an additional layer of protection.” 

A couple of other options lawyers can use to protect their law firms include routinely changing their account passwords and contracting with companies that provide tools to educate staff about phishing scams.  

While these tips may seem obvious, and many individuals may think they would not fall for such schemes, Lanterman has seen hundreds of examples where regular employees have thrown their businesses into turmoil – all with one click of the mouse. Unfortunately, Lanterman added, these cyber threats will never stop since “they make criminals money.” 

Missouri Bar members have access to discounted services, including some to help protect businesses from cyber threats. Click here to review your member benefits.