The Dangers of Allowing This at Your Law Firm
It all began with one employee at a law firm who decided to get his email during lunch from his work computer. He logged into his email account, read through some emails, visited a few social media sites … pretty standard stuff, right?
It could have been except that he got an email that seemed to be from Starbucks, his favorite coffee spot. Starbucks was asking him to fill out an opinion survey, and they were going to give him a free coffee for this service … seemed like a great idea!
So the employee clicked on the so-called Starbucks survey, went to the site and guess what? It wasn’t Starbucks at all. It was a phishing email sent from Eastern Europe. As soon as he landed on the phony site, a ransomware virus was downloaded onto his computer. Within moments, all the computers at the law firm were locked up. No one could get into their files or work on their cases.
Instead, an angry message scrolled across the screen:
“Your Computer Has Been Locked!”
The message goes on to say that you have 72 hours to pay the ransom and there’s a clock that’s counting down the time you have left.
This happens to law firms and small businesses each day, and it’s one of the most significant problems they face. Ransomware was a billion dollar industry in 2017, and it’s escalated by 250 percent during 2018.
This makes it more critical than ever for your law firm to establish rigid guidelines for how, when, and where employees can access your company network. Employees need training to teach them all about phishing campaigns and ransomware.
Your employees may be your biggest asset but they’re also your biggest risk factor when it comes to cyber-crime. This poses a significant data security risk to your law firm.
All It Takes Is One Employee And One Computer
With the new phishing and malware scams, users don’t even have to open a malicious link or download anything. You can visit a bogus website and these cyber thieves can begin downloading a virus onto your system that will spread quickly to infect other computers.
One of the new threats to businesses and law firms is where hackers install a Trojan horse or virus onto one computer that allows them to control the computer remotely. This attack is being used more and more. Once a computer has been affected, it is now referred to as a Zombie. The hackers can use your business computer to mine bitcoin or perform any other tasks they choose.
Once a hacker has gained access to several of your computers, they can turn them into a Botnet. A botnet is a whole group of Zombie computers that have been compromised. They can perform all types of tasks from sending spam emails out to your entire database to stealing information from your database.
Today, you’ll find no lack of personal data for sale on the Dark Web. This is data that hackers have stolen from business owners. It can include a wide range of things like:
The more thorough the information is, the more it’s worth to hackers.
It can be difficult to tell if your computer is a Zombie. Usually, there are a few tell-tale signs, such as:
If you notice any of these anomalies, your business computer might be a zombie. Once this happens, hackers are in control. They can use your computer however they like, even taking over multiple networks to create an army of Zombies or a Botnet.
More About Botnets
Botnets can include computers, laptops, iPads, servers and even Internet of Things (IoT) devices. Hackers will try to infect as many of your connected devices as possible and use them for malicious tasks.
Once this happens, you’ll need a really good IT specialist to come in and remove the viruses from all connected devices. It’s a lengthy but essential process to remove all malware and reinstall your legitimate programs.
What About Bring Your Own Device (BYOD) Programs?
These can be very convenient for employees but they do open the door to all types of hacking scams, viruses, and malware. That’s why it’s so important to have strong policies when it comes to employees using their phones and computers for work-related projects.
Often people use their own devices on public Wi-Fi networks that are unsecured. For instance, airport Wi-Fi may not be completely secure, plus there are likely hundreds of people using this Wi-Fi at the same time. It’s just too easy for a hacker to break into this network and infect phones, tablets, and laptops.
What Should You Do?
Your law firm should have strictly enforced policies regarding BYOD. Ask your IT Service Company to establish a Mobile Device Management program to manage the security of these devices. An MDM program should include protection for all devices, as well as the ability to remotely erase the data on a device that has been lost or stolen. Employees must be appropriately trained and fully aware of the risks involved.
If you enjoyed this article, you might want to check out others on our Blog:
Parkway Tech offers technology management, help desk services, and strategic IT consulting to law firms and legal practices across North Carolina.
We offer a completely customized technology support services for large and small law firms, law offices and law practices.