We have also covered how to minimize the risk associated with them.
However, they all have one thing in common…a human element, which is almost impossible to safeguard 100%. About half of all data breaches happen due to some type of human error.
This is why we recommend purchasing cyber liability insurance.
Cyber liability insurance provides a combination of coverage options and services to help protect businesses against data breaches and other cyber events as well as help to recover quickly if an attack does take place.
This insurance can help cover the costs associated with an attack or breach, such as:
Lost income due to cyber event
Customer notification
Data recovery
Damaged computer repair
And more!
Law firms use multiple types of technology that face cyber risk. As this tech becomes more complex, so does the risk that comes with it. This is why every business should be prepared with a cyber security plan/training as well as cyber liability insurance to help mitigate the risk.
Let INF help place you with the best cyber liability carrier for your firm’s needs. To get started, give us a call at 412.563.2106 today.
Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
Did you know that 44% of businesses don’t use multifactor authentication?
Your question back to me might be – What is multifactor authentication and why would I need it?
Multi Factor authentication or MFA is a security method that needs a user to use two or more authentication factors to prove who they are before they can use an organization’s network, check their email from a remote location, or use privileged or administrative accounts. It helps make sure that you are who you say you are.
The most common use of MFA is when banks or credit cards require you to input a password as well as a code that they email/text/call you with.
MFA should be used by law firms with email accounts as well as accessing any network remotely.
In fact, according to Microsoft, 99.9% of account compromise attacks can be blocked by MFA!
Most email products as well as system access software have MFA built in, so be sure to enable and protect your data!
Questions about risk mitigation for this exposure? Call us at 412.563.2106.
Next week, we will talk about how to protect your firm against multiple exposures!
Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
This week’s topic – Passwords!
Did you know that there is a website that you can go to check to see if your email/password combination has been a part of a data breach? It’s called “Have I Been Pwned?” and you can access it here: https://haveibeenpwned.com/
It contains over 12 BILLION username/password combos that have been exposed in recent hacks.
Go to the site and enter your email address to see if you have been exposed. If so – change your password immediately for the account that was hacked.
Want to create a good password?
Try using these 7 criteria:
12 characters or more in length
Contains an uppercase letter
Contains a lowercase letter
Contains a number
Contains a symbol
Does not contain real words that could easily guessed by a dictionary attack
Hasn’t been used before as a password by your email address
Need help remembering each unique password? Invest in a password manager, like 1Password or KeePass.
Questions about risk mitigation for this exposure? Call us at 412.563.2106
Next week, we will discuss multi factor authentication!
Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
This week we wanted to talk about wire fraud. Despite the fact that wire fraud scams target a wide range of professionals, attorneys who handle real estate transactions and/or wire money are particularly at risk.
Lawyers should be aware of any fraud schemes that could cost them and/or their clients hundreds of thousands of dollars if they transfer money to or on behalf of clients. The Federal Bureau of Investigation (FBI) estimates that scammers have stolen up to $1.33 billion just in the United States.
Here’s how the scheme normally works:
The scammer will gain control of an email account from at least one of the parties in a transaction. Typically that transaction will be in real estate. They will use this access to gain details.
The scammer will send a set of emails that appear to be legitimate discussing the details of the deal to build trust
Then, the scammer will send wire instructions OR make changes to a previously supplied set of instructions
The scammer will say this matter is “urgent” and that everything “needs to be done today”. This is so the normal set of checks and balances will be bypassed, thus eliminating the normal scrutiny requests like these should get
Then, the attorney would unknowingly wire the money to the scammer’s account and the scammer will typically move that money immediately to an overseas account so it cannot be stopped
There are a few ways that attorneys can prevent wire fraud –
#1 – Be hyper-vigilant
First, attorneys should be on the lookout for wire fraud scams and be skeptical whenever money is being wired to finish any kind of transaction. Wire fraud scams that use emails can involve anyone in a transaction, from someone the attorney has worked with for 40 years to someone they have only met briefly for one transaction. Because of how email works, it is much easier to hide a person’s true name through email than over the phone or in person.
#2 – Use a second authentication factor
Use a phone call as the second authentication factor to easily check on all wire transfer requests.
Before any money is moved out of the law firm for a transaction, an attorney can find out about most possible fraud scams by calling the person who is supposedly sending the email. Attorneys should always use the contact information they already have for the person instead of the information in the email, which could be fake. Lawyers can also call someone else at the company. The main point is to do something outside of the email chain that could be hacked.
#3 – Be skeptical of last minute changes
Be careful when a party in a deal suddenly changes how they usually do things. This could mean moving money to a different account, using a personal email address instead of a work one, or talking to someone else at the company. All of these things could be signs of a possible scam.
Questions about risk mitigation for this exposure? Call us at 412.563.2106
Stay tuned for next week where we will send you a website where you can check to see if your email/password combination has been exposed in any major hack.
Because October is Cyber Security Awareness Month, we thought that we would take the next few weeks to highlight cyber security exposures that are common to law firms.
A common question that we hear from our insureds is – What is ransomware and can it affect me?
Ransomware is a type of harmful software (also known as “malware”) that online thieves use to access a victim’s network. Typically, this happens via a download by an employee that was tricked. Once they are into the system, they’ll encrypt it so you can no longer access anything.
Finally, the thieves will demand a ransom, generally in bitcoin, in exchange for the decryption key.
Attackers using ransomware have recently increased their aggressivity, requesting six-, seven-, and even eight-figure ransom payments from organizations. It is more difficult for organizations to recover from such an attack as a result of these criminals deleting backups and, in some circumstances, issuing threats to reveal critical or confidential material.
One way to prevent ransomware affecting you is to make sure that your employees are well-trained on spotting suspicious emails and attachments. This way, they won’t download malicious files.
Another way to prevent ransomware is to make sure that you have a complete backup of your system that can be restored within 24-48 hours. This will enable you to put your system back up and lose minimal time without needing to deal with the criminals.
Questions about risk mitigation for this exposure? Call us at 412.563.2106
Stay tuned for next week where we will discuss wire fraud.