Multi-Factor Authentication: A Stronger Defense for Your Cybersecurity

Welcome to Week 4 of Cybersecurity Awareness Month! As we continue to focus on protecting your digital assets, it’s time to discuss one of the most effective methods to secure your accounts—Multi-Factor Authentication (MFA). By adding multiple layers of defense, MFA helps to ensure that only authorized users can access your sensitive data.

What Is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (MFA) is a security measure that requires users to provide two or more verification steps to access an account. Think of it as an extra lock on your digital door. Even if a hacker manages to steal your password, they still need to pass through another security checkpoint to gain access.

How Does MFA Work?

MFA typically comes into play after you’ve entered your password. To complete the login process, you’ll need to provide additional proof of identity. Here are some common types of MFA verification methods:

  • An extra PIN: A four- to six-digit code that you must enter in addition to your password.
  • Security questions: Pre-set questions that only you should be able to answer, like your mother’s maiden name or the name of your first pet.
  • Code sent via email or text: A temporary code is sent to your phone or email, which you must enter to proceed.
  • Biometric scan: This could be a fingerprint, facial recognition, or even voice recognition, ensuring that only you can access your account.
  • Authenticator app: These apps generate a unique number every 30 seconds, which you use to verify your identity.
  • Secure token: A physical device like a key fob that generates a code, providing an extra layer of security.

Why Should You Use MFA?

In a world where cyber threats are constantly evolving, relying solely on passwords is no longer enough. MFA significantly reduces the risk of unauthorized access by adding an additional barrier that hackers must overcome. It’s especially crucial for protecting sensitive information such as financial data, client records, and other confidential materials.

By adopting MFA, businesses can ensure better data protection for their clients and themselves. This simple yet effective security measure helps prevent breaches that could lead to identity theft, financial losses, and damaged reputations.

Take Action Today to Protect Your Business

Cybersecurity is not just about having strong passwords; it’s about adding multiple layers of protection. By enabling MFA, you take a proactive step toward securing your digital environment. Start enhancing your firm’s cybersecurity with these layered defenses and stay ahead of potential threats.

And if you’re looking for additional ways to mitigate your risk, consider cyber liability insurance. It’s a crucial safeguard for businesses in today’s digital age. For more information, give us a call at 412-563-2106.

Strengthen your defenses and keep your data secure—because in the digital world, a little extra protection goes a long way.

Cybersecurity Awareness Month: Strengthen Your Defense with Fresh Updates

In today’s rapidly evolving digital landscape, cybersecurity requires constant vigilance. One critical step that’s often overlooked is keeping your software up to date. As we enter Week 3 of Cybersecurity Awareness Month, let’s shine a light on why software updates are essential for maintaining a strong digital defense.

Why Software Updates Matter for Your Security

Software updates are like fresh defenses in the ever-changing battlefield of cybersecurity. Much like a lawyer reviewing the latest case files to stay sharp, updating your software ensures that your security strategies are current. These updates contain patches that protect against newly discovered vulnerabilities. Without them, your system becomes an open target for cybercriminals looking to exploit any weaknesses.

The Risks of Outdated Software

Cybercriminals are always on the lookout for outdated software, which is more vulnerable to attacks. When you neglect to update, you’re essentially leaving the door open for hackers. Whether it’s your operating system, browser, or any application, outdated software creates gaps in your defenses that can easily be breached. By keeping everything up to date, you close those gaps and ensure your system is fortified against the latest threats.

The Importance of Trusted Sources for Updates

Not all software updates are created equal, and it’s crucial to download them from legitimate, trusted sources. Using unlicensed or hacked versions can introduce malware into your system, creating more problems than they solve. Always ensure you’re updating from official websites or platforms to avoid unintentionally weakening your cybersecurity.

How to Stay Ahead: Enable Automatic Updates

A simple way to never miss an important update is by enabling automatic updates. This feature ensures your software is always running the latest version, equipped with all necessary security patches. With automatic updates enabled, you won’t have to worry about remembering to manually update your software, and your system will stay protected.

Final Thoughts: Keep Your Defenses Strong with Regular Updates

In the world of cybersecurity, staying up to date is a key part of maintaining a strong system defense. Think of software updates as a routine check-up for your digital health. By making them a priority, you’ll ensure your defenses are ready to face any new threats. Stay vigilant, stay updated, and stay secure.

Cybersecurity Awareness Month: How Strong is Your Password?

Welcome to another exciting week of Cybersecurity Awareness Month! This week, we’re diving into the essential topic of password security. Imagine your password as your first line of defense in the courtroom of cybersecurity. It needs to be strong, unique, and hard to crack.

Why Password Strength Matters

Hackers often break into accounts by guessing or stealing weak passwords. Using the same password across multiple sites is like using the same defense strategy in every case—it makes you vulnerable. Protecting yourself starts with using strong, unique passwords.

Tips for Strong Passwords

  1. Length and Complexity: Ensure your password is at least 12 characters long. Mix it up with upper and lower case letters, numbers, and special symbols.
  2. Uniqueness: Each account should have a different password. This way, even if one account is compromised, others remain secure.
  3. Use a Password Manager: Can’t remember all your passwords? A password manager is your best friend. It’s like having a legal assistant who organizes all your files for you. It safely stores your passwords, generates strong ones, and ensures you don’t have to memorize them all.

Our Recommendation: KeePass

Here at our office, we use KeePass. It allows you to create, save, and search for passwords easily. KeePass can help you maintain that strong defense system by managing your passwords efficiently.

Remember, protecting your accounts starts with building a robust defense. Make your password fortress unbreakable!

Stay safe and secure online, and join us next week for more cybersecurity insights!

Defend Your Inbox: Recognizing and Preventing Phishing Scams This Cybersecurity Awareness Month

As October unfolds, it’s time to focus on a crucial aspect of our digital lives: cybersecurity. October is Cybersecurity Awareness Month, a perfect reminder to fortify our defenses against cyber threats. Whether you’re working in the office or remotely, the security of your personal and your firm’s data is paramount.

Just as you would build a solid legal case, constructing strong cybersecurity defenses is essential. Throughout this month, we’ll delve into strategies to keep you ahead of cybercriminals. Our focus areas include recognizing phishing attempts, using robust passwords, keeping software updated, and enabling multi-factor authentication (MFA).

Phishing emails are a prevalent method used by cybercriminals to infiltrate your inbox. Alarmingly, almost half of social engineering attacks are phishing-related, and a staggering 98% occur through email. However, these emails often carry signs that make them detectable.

Here’s how to spot a phishing email:

  1. Too Good to Be True Offers: If an email offers something unbelievable, like winning a contest you never entered, be skeptical.
  2. Urgent or Threatening Language: Emails that use alarmist language might be phishing attempts.
  3. Suspicious Email Addresses: Verify if the sender’s email matches the company it claims to be from.
  4. Requests for Personal Information: Never send personal information or click on unfamiliar links.

When in doubt, report suspicious emails to your IT team immediately. Your swift action could prevent a severe data breach, much like stopping an argument before it escalates.

Stay vigilant, and remember, your proactive defense is crucial to your firm’s security. Let’s work together to make this Cybersecurity Awareness Month a success!

Be prepared against cyber attacks

In the past 4 weeks, we have covered multiple cyber security exposures that are common to law firms, including:

We have also covered how to minimize the risk associated with them.

However, they all have one thing in common…a human element, which is almost impossible to safeguard 100%.  About half of all data breaches happen due to some type of human error.

This is why we recommend purchasing cyber liability insurance.

Cyber liability insurance provides a combination of coverage options and services to help protect businesses against data breaches and other cyber events as well as help to recover quickly if an attack does take place.

This insurance can help cover the costs associated with an attack or breach, such as:

  • Lost income due to cyber event
  • Customer notification 
  • Data recovery
  • Damaged computer repair
  • And more!

Law firms use multiple types of technology that face cyber risk.  As this tech becomes more complex, so does the risk that comes with it.  This is why every business should be prepared with a cyber security plan/training as well as cyber liability insurance to help mitigate the risk.

Let INF help place you with the best cyber liability carrier for your firm’s needs.  To get started, give us a call at 412.563.2106 today.

Do you have multi factor authentication to verify your identity…because 44% of businesses don’t

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

Did you know that 44% of businesses don’t use multifactor authentication?

Your question back to me might be – What is multifactor authentication and why would I need it?

Multi-factor authentication, or MFA, is a security method that requires a user to present two or more authentication factors to prove who they are before they can use an organization’s network, check their email from a remote location, or use privileged or administrative accounts.  It helps make sure that you are who you say you are.

The most common use of MFA is when banks or credit cards require you to input a password as well as a code that they email/text/call you with.

MFA should be used by law firms with email accounts as well as accessing any network remotely.

In fact, according to Microsoft, 99.9% of account compromise attacks can be blocked by MFA!

Most email products as well as system access software have MFA built in, so be sure to enable and protect your data!

Questions about risk mitigation for this exposure?  Call us at 412.563.2106.

Next week, we will talk about how to protect your firm against multiple exposures!

Check to see if your email/password combination has been exposed in a recent data breach

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

This week’s topic – Passwords!

Did you know that there is a website you can visit to check whether your email/password combination has been a part of a data breach?  It’s called “Have I Been Pwned?” and you can access it here: https://haveibeenpwned.com/

It contains over 12 BILLION username/password combos that have been exposed in recent hacks.

Go to the site and enter your email address to see if you have been exposed.  If so – change your password immediately for the account that was hacked.

Want to create a good password?

Try using these 7 criteria:

  • 12 characters or more in length
  • Contains an uppercase letter
  • Contains a lowercase letter
  • Contains a number
  • Contains a symbol
  • Does not contain real words that could easily be guessed by a dictionary attack
  • Hasn’t been used before as a password by your email address

Need help remembering each unique password?  Invest in a password manager, like 1Password or KeePass.

Questions about risk mitigation for this exposure? Call us at 412.563.2106

Next week, we will discuss multi factor authentication!

Do you know about the email wire fraud scam affecting lawyers and law firms?

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

This week we wanted to talk about wire fraud.  Despite the fact that wire fraud scams target a wide range of professionals, attorneys who handle real estate transactions and/or wire money are particularly at risk.

Lawyers should be aware of any fraud schemes that could cost them and/or their clients hundreds of thousands of dollars if they transfer money to or on behalf of clients. The Federal Bureau of Investigation (FBI) estimates that scammers have stolen up to $1.33 billion just in the United States.

Here’s how the scheme normally works:

  • The scammer will gain control of an email account from at least one of the parties in a transaction.  Typically that transaction will be in real estate.  They will use this access to gain details.
  • The scammer will send a set of emails that appear to be legitimate discussing the details of the deal to build trust
  • Then, the scammer will send wire instructions OR make changes to a previously supplied set of instructions
  • The scammer will say this matter is “urgent” and that everything “needs to be done today”.  This is so the normal set of checks and balances will be bypassed, thus eliminating the normal scrutiny requests like these should get
  • Then, the attorney would unknowingly wire the money to the scammer’s account and the scammer will typically move that money immediately to an overseas account so it cannot be stopped

There are a few ways that attorneys can prevent wire fraud – 

#1 – Be hyper-vigilant

First, attorneys should be on the lookout for wire fraud scams and be skeptical whenever money is being wired to finish any kind of transaction. Wire fraud scams that use emails can involve anyone in a transaction, from someone the attorney has worked with for 40 years to someone they have only met briefly for one transaction. Because of how email works, it is much easier to hide a person’s true name through email than over the phone or in person.

#2 – Use a second authentication factor

Use a phone call as the second authentication factor to easily check on all wire transfer requests.

Before any money is moved out of the law firm for a transaction, an attorney can find out about most possible fraud scams by calling the person who is supposedly sending the email. Attorneys should always use the contact information they already have for the person instead of the information in the email, which could be fake. Lawyers can also call someone else at the company. The main point is to do something outside of the email chain that could be hacked.

#3 – Be skeptical of last minute changes

Be careful when a party in a deal suddenly changes how they usually do things. This could mean moving money to a different account, using a personal email address instead of a work one, or talking to someone else at the company. All of these things could be signs of a possible scam. 

Questions about risk mitigation for this exposure?  Call us at 412.563.2106

Stay tuned for next week where we will send you a website where you can check to see if your email/password combination has been exposed in any major hack.

50% of all businesses are worried about ransomware – are you?

Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.

A common question that we hear from our insureds is – What is ransomware and can it affect me?

Ransomware is a type of harmful software (also known as “malware”) that online thieves use to access a victim’s network. Typically, this happens via a download by an employee who was tricked.  Once the thieves are in the system, they’ll encrypt it so you can no longer access anything.

Finally, the thieves will demand a ransom, generally in bitcoin, in exchange for the decryption key.

Attackers using ransomware have recently become more aggressive, requesting six-, seven-, and even eight-figure ransom payments from organizations. Recovering from such an attack is also more difficult because these criminals delete backups and, in some circumstances, threaten to reveal critical or confidential material.

Can it affect law firms? YES!  In fact, here is a link to an article discussing a ransomware attack that is common to the legal industry: https://www.logikcull.com/blog/maze-ransomware-law-firms

One way to prevent ransomware from affecting you is to make sure that your employees are well-trained on spotting suspicious emails and attachments.  This way, they won’t download malicious files.

Another way to prevent ransomware is to make sure that you have a complete backup of your system that can be restored within 24-48 hours.  This will enable you to put your system back up and lose minimal time without needing to deal with the criminals.

Questions about risk mitigation for this exposure?  Call us at 412.563.2106

Stay tuned for next week where we will discuss wire fraud.

Is Anyone Phishing for Your Firm?

In 2022, cyber criminals sent about 3.3 billion phishing messages and caused over 4000 data breaches. This exposed about 22 billion personal records.

What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive information such as PII, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.

How do we fight phishing? 

Knowledge

Humans are the number one reason phishing schemes succeed, so knowledge is going to be one of your big tools. Make your employees knowledgeable about phishing attacks, including the common phishing attacks that are happening now, and answer any questions that they might have about these different security issues.

Safeguards

Over 50% of the attacks were caused by humans, but that other 40 something percent was caused by issues in the system. So having safeguards in place, such as a really good spam filter, can help fight against phishing.

And what’s interesting is that Google actually has better safeguards in place than Microsoft Office. Organizations that use Office 365 are more than three times as likely to experience a business email compromise when compared to Google Gmail for business.

One reason that’s probably true is because Microsoft only has access to their small amount of data that is Microsoft specific, whereas Google has access to 90% of the world’s data on the internet. So it would make sense that the Google spam filter and their email filters are much, much stronger, because they have access to so much more data.

Ways to spot phishing schemes

It contains an offer that’s too good to be true

If you’ve ever received an email that said “click here to claim your $500 reward”, they want you to go to a website and put in your name and your bank account so they can deposit that $500 reward. 

Language that’s urgent, alarming or threatening

In one week, we had three different clients send an email whose subject line says “urgent, your site has been hacked.” The email goes on to say, deliver $3,000 in Bitcoin, or we will take your website offline and put something else up in its place. So anytime you receive anything like that, that’s definitely a big key to spotting phishing.

Poorly crafted writing with misspellings and bad grammar

Now, this next one is not as prevalent anymore, with AI tools like ChatGPT becoming a lot more in tune. You and I know that no financial institution and no attorney is going to send out anything that has bad grammar. So that’s definitely a way to spot a phishing email.

Greetings that are ambiguous or very generic

You may receive an email that says hello gentleman, or welcome lady. Ignore these.

Requests to send personal information. 

This happens a lot with people pretending to be banks, or pretending to be PayPal. They’ll say, oh, there’s an issue with your account, click here to sign in and put in your financial information so we can verify it. Don’t do that. PayPal and banks have come out and said, we will never send you an email that’s like that, so that’s definitely an email to ignore. 

Urgency to click on unfamiliar hyperlinks or an attachment

A real website for a bank, credit card company, or other business won’t look or feel like it’s trying too hard. You won’t find important messages spread all over these sites. If you go to a site and it seems to have a lot of urgent messages that don’t seem to fit, you should check the URL to make sure you’re in the right place. Phishers use this kind of urgency to make it more likely that people will share sensitive information quickly and willingly.

Strange or abrupt business requests

In this type of phishing attack, the victim is sent an email from an address they know, like the CEO, the Human Resources Manager, or the IT support department. The email tells the victim that they need to act quickly and transfer money, update information about their employees, or install a new app on their computer.

Fuzzy or low resolution images

A company will never send you an email where their logo looks bad. If their logo looks bad or fuzzy, whoever sent it didn’t have access to the high resolution version of it. So it’s not from them. 

The sending email address doesn’t match the company where it’s coming from

So if they say, Hi, this is PayPal, but the address says PayPal1234@outlook.com, those two don’t mesh. And so, you know it’s not from PayPal.

What does a phishing email look like?

As an example, we have this email where you can see this isn’t the actual PayPal logo, it’s a little bit different. It’s missing a few features. And then it says response required. Then you can see here it says service.epaypal@outlook.com. The purpose of this email is they want you to click this login and put in your username and password, so they have your PayPal username and password.
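
The sender-mismatch check described in the last two sections can be automated. The following is an added example, not part of the original article: a Python function that flags a From header whose display name or address invokes a brand while the sending domain is not one of that brand's domains. The brand-to-domain table and the sample headers (other than the two outlook.com addresses quoted above) are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: brands mapped to sending domains your firm has verified.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}

# Constructed sample From headers; the first two reuse addresses from the article.
SAMPLES = [
    "PayPal <PayPal1234@outlook.com>",
    "service.epaypal@outlook.com",
    "PayPal <service@paypal.com>",
    "Billing <alerts@paypal.com.example.net>",  # brand used as a subdomain label
]


def domain_matches(domain: str, allowed: set) -> bool:
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header: str) -> list:
    """Return a list of findings; an empty list means no mismatch was seen."""
    display, address = parseaddr(from_header)
    local, _, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not local or not domain:
        return ["unparseable sender address"]
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # The brand is "claimed" if it shows up anywhere the reader would see it.
        claimed = (brand in display.lower()
                   or brand in local.lower()
                   or brand in domain)
        if claimed and not domain_matches(domain, allowed):
            findings.append(f"claims '{brand}' but was sent from {domain}")
    return findings


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no mismatch")
```

An empty result is not proof that a message is genuine, because the From header itself can be forged; the check only catches the mismatch case shown above.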

Common phishing schemes

Account deactivation

Compromised credit card

Funds Transfer

Social media requests

Google Docs fake login 

IT support request 

Social engineering

Questions about anything in this article?  Contact Stacey Ivol at 412-563-2106 or email her at sivol@integrityfirstins.biz