Hackers Have Now Exposed Over 8 Billion Username and Password Combinations – Were Your Credentials Among Them?

The week of June 7th may have seen the biggest release of hacked data ever published to the dark web.  Hackers publicly released over 8 billion username and password combinations!

A 100GB list of data assumed to be stolen during various hacks was posted to a popular hacker forum.  This is now being referred to as the “RockYou2020” list.

Want To Check To See If You Were A Part Of This?

Check here to see if your data was part of this dump: https://cybernews.com/personal-data-leak-check/

To use this tool, all you must do is enter your email or phone number.  The tool can safely access the hacked username and password combinations on the dark web.  It will let you know if your data is found.

What To Do If Your Data Was A Part Of The Released Data

If the tool tells you that your data was compromised, you should start mitigation steps immediately.  Go to every account that uses the exposed username/password and change the password.  Be sure to use a different “strong” password for each account.

Want to know what makes a strong password?  A rule of thumb is to create a password that has the following 6 characteristics:

  1. More than 12 characters
  2. Contains at least 1 uppercase character
  3. Contains at least 1 lowercase character
  4. Contains at least 1 number
  5. Contains at least 1 symbol
  6. Contains no “real” words that could be guessed via a dictionary attack (where an attacker goes through a list of words from the dictionary and tries each one as your password)
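The six characteristics above can be checked automatically, for example when a new password is chosen. The following Python sketch is an added example, not part of the original article; the word list and the substitution table are small constructed samples, and the function names are hypothetical.

```python
# Constructed mini word list; a real check would load a full dictionary
# and a list of previously leaked passwords.
SAMPLE_WORDS = {"password", "summer", "dragon", "monkey", "welcome", "steelers"}

# Look-alike substitutions that password-guessing tools routinely undo:
# 0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s, !->i, 7->t
LEET = str.maketrans("01345@$!7", "oieasasit")


def dictionary_hits(password, words=SAMPLE_WORDS, min_len=4):
    """Return the dictionary words hidden inside the password, sorted."""
    lowered = password.lower()
    # Search the password as typed and with the substitutions reversed.
    candidates = {lowered, lowered.translate(LEET)}
    return sorted(w for w in words
                  if len(w) >= min_len and any(w in c for c in candidates))


def failed_rules(password, words=SAMPLE_WORDS):
    """Return the numbers (1-6) of the rules above that the password breaks."""
    checks = {
        1: len(password) > 12,                         # more than 12 characters
        2: any(c.isupper() for c in password),         # uppercase character
        3: any(c.islower() for c in password),         # lowercase character
        4: any(c.isdigit() for c in password),         # number
        5: any(not c.isalnum() and not c.isspace()     # symbol
               for c in password),
        6: not dictionary_hits(password, words),       # no "real" words
    }
    return [rule for rule, ok in checks.items() if not ok]


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("Summer2021", "P@ssw0rd2021!!", "kT9#vq2L!xZr7&mB"):
        broken = failed_rules(pw)
        print(pw, "-> OK" if not broken else f"-> breaks rules {broken}")
```

Note that “P@ssw0rd2021!!” satisfies rules 1 through 5 and still fails rule 6, because swapping letters for look-alike symbols does not hide a dictionary word.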

In addition, you’ll want to be sure to look for any unexpected activity within the account.  Make sure that all of your personal information is correct and that no money has been transferred unexpectedly.

If given the option, turn on the “Two-Factor Authentication” (or “2FA”) option associated with the account.  This will require you to enter a code from your cell phone or email to authenticate who you are.  2FA protects your accounts from hacker dumps like this, because a leaked password alone is no longer enough to log in.

Yes, this is a pain.  However, it’s better to have your personal and financial data protected. 

How To Protect Your Data Easily Using Password Managers

There are ways to make tasks associated with passwords easier.  According to a study by NordPass, the average person has 100+ online passwords.  Who can remember that many passwords?

INF recommends using a password manager like KeePass or 1Password.  A password manager will help you create and remember well-formed passwords for all of your accounts.  In fact, you can copy and paste from these managers, so you don’t have to type anything going forward.

These password managers can also be installed on your phone.  This makes browsing the web a breeze when you need to access your passwords.

Is There Anything That You Can Do To Protect Your Business Further?

Yes, you can protect your business with a cyber liability policy.  These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more. 

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.

How Can Ransomware Affect My Law Firm?

With the multitude of ransomware attacks that have been in the news recently, we’ve been receiving various questions surrounding this topic.  So, we wanted to clear up any confusion on this topic.

First of all, what is ransomware?

As the name suggests, it is software that can hold your individual computer or your business’ entire system for ransom.  A cyber thief will take control of your network and not relinquish control until you have paid the requested amount.

According to Chainalysis, which is a blockchain research firm, ransomware attacks are up over 340% in the past year.  Over $400 million has been paid in ransoms.

The average ransom amount has been on the rise over the past few years.  In 2021, the average ransom requested is over $50,000.

Naturally, this leads us to the question of “How does ransomware get on your computer or in your network?”

The most typical way hackers accomplish this is via phishing emails.  These emails will pretend to be from an authoritative entity, like your bank or PayPal.  In reality, they are just posing as them and hoping to get you to enter your username and password into an online form that they created.

Now, according to security company SecureAuth, more than 50% of people use the same password for multiple accounts.  Thus, if a hacker can get one username and password combination from you, there’s a 50% chance that it can be used for all accounts that are associated with you.

Another common way that a ransomware attack occurs is through tricking you or your employees into downloading a piece of malicious software.  The download could appear to be a pdf or some other innocuous file type.  Once it’s in your system, it works like a virus.  It will lock everyone out and demand a payment.

What happens if you refuse to pay?

If you choose not to pay the ransom, there are a few different scenarios that could happen.

Scenario 1 – They move onto the next victim.  This is the best-case scenario and leaves you in a position of having to restore your system.

Scenario 2 – They discover that you won’t pay, so they leak private information about you or your clients online.  Depending upon what type of data you store, this could prove to be a huge blow to your reputation.

Scenario 3 – They discover that you won’t pay, so they decide to make their money a different way.  They sell the private data of you and your clients on the dark web.  Again, depending upon what type of data you have, they could make more money this way than if you decided to pay.

So, how can you protect yourself and your business from this type of attack?

There are 5 very clear steps for you to take to accomplish this goal.

Step 1 – Make sure that your entire system is backed up nightly offsite and off-network.  You should retain at least 2 weeks of full backups (or a month if you have the digital space).  This way, if the malicious code sits dormant before it attacks, you still have multiple older backup sets to restore from.

Step 2 – Have a plan in place for restoring from a backup in 24 hours or less if possible.

Step 3 – Train your employees to recognize cyber threats in all forms.  There are many cyber training programs available that will send tips, tricks and quizzes on a monthly basis.

Step 4 – Keep your antivirus and firewall software up to date.  You will see some added protection if you get your employees to use a VPN as well.

Step 5 – No system is impenetrable, and many times human error is the cause.  Purchase a standalone cyber insurance policy to guard against this.  Most cyber insurance policies cover this type of attack and provide the support to get you back up and running smoothly.

Have questions about any of these steps or how to purchase a cyber policy?  Contact INF at 412.563.2106.  We can get you a policy in less than a week!

Be Sure To Report Claims In A Timely Fashion

No one likes to report a legal malpractice claim to their carrier. It reminds us that we made a mistake, or of that very difficult client who is impossible to satisfy.

To make matters worse, legal malpractice policies demand that we also report any potential claims, not just actual claims, but those issues that may develop into an actual claim.

All claims, whether actual claims or potential claims, must be reported to the carrier as soon as you become aware of them. Don’t delay this process. Slow reporting to the carrier can and will cost you money, in that the carrier can simply deny your claim because the claim wasn’t timely reported. Proper notice must be given to the carrier.

A good tip is to review your policy and make sure you’re familiar with the reporting process. Making that call or writing that letter may be painful and dredge up a bad memory or two, but it will provide a level of comfort knowing that the report was made and that denial of coverage for late reporting is not in the cards.

Having Trouble Getting Gas?

Having trouble getting gas recently? I think we’ve been pretty fortunate in Pennsylvania in that the pipeline shutdown did not hit us too badly.

It does, however, drive home the point that if you haven’t purchased a standalone cyber policy, or at least considered it, you should. Cyber attacks have been on the rise in all sizes and types of industries and professions.

Some legal malpractice policies, perhaps even yours, may include cyber coverage. Although it is a nice feature and benefit to have in the policy, it usually is nowhere near enough coverage. The limits are usually sublimits lower than your aggregate policy limit. The coverage is limited in scope, and it can dilute the insuring agreement.

Don’t get me wrong. Any added benefit in your insurance policy is usually a good thing. But don’t depend on ancillary coverage to protect your firm and your clients’ data. You should look into obtaining a standalone cyber policy.

How To Identify Malicious Email Attachments

Did you know that more than 50% of cyber attacks are due to employee error and negligence? Part of that negligence is opening malicious attachments, because employees are unable to identify them. Well, I’m here today to give you a few tips on how you and your employees can identify those malicious attachments.

One, always listen to your malware alert. If your email service or your antivirus software tells you not to open the attachment, don’t open the attachment. Listen to it!

Two, check out the message. Do you know who actually sent you the attachment? If you don’t know who sent you the attachment, maybe it’s best not to open the attachment. Does the email content actually look normal? Or look like most of the emails that you get? Is it jumbled? Are there misspellings? Is your name misspelled in it? Those are pretty good signs that the attachment is in fact malware. 

Three, check out the attachment file extension. If it is a .exe, don’t open it. That’s an executable file and you do not want to open it in your email. Other attachment file extensions that are most likely malware are the .docm extension, the .xlsm extension and the .pptm extension. If you see those, I wouldn’t open the attachment. Just be careful and think twice before you open any attachment.

And lastly, always, always make sure that your antivirus software is up to date and current.
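The extension check described above can also be applied automatically before a message reaches an inbox. The following Python sketch is an added example, not part of the original article: it parses a raw email, reads each attachment's filename and flags the four extensions named above, including names that hide the real extension behind a harmless-looking one. The sample message, the DECOY list and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions this article warns about; extend the set to match local policy.
RISKY = {".exe", ".docm", ".xlsm", ".pptm"}
# Harmless-looking extensions often placed before the real one (assumed list).
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify(filename):
    """Return (extension, disguised) for a risky name, or None if not risky."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or "." + parts[-1] not in RISKY:
        return None
    # "invoice.pdf.exe" shows a decoy extension in front of the real one.
    disguised = len(parts) >= 3 and "." + parts[-2] in DECOY
    return "." + parts[-1], disguised


def risky_attachments(raw_message):
    """Parse a raw email (bytes) and list attachments with risky extensions."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():            # walk() also reaches nested MIME parts
        name = part.get_filename()     # None for parts without a filename
        if name:
            verdict = classify(name)
            if verdict:
                findings.append((name, *verdict))
    return findings


def build_sample():
    """Build a constructed test message with four placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    for name in ("invoice.pdf.exe", "Q3 Budget.XLSM", "notes.txt", "photo.jpg"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, ext, disguised in risky_attachments(build_sample()):
        note = " (double extension)" if disguised else ""
        print(f"HOLD {name}: {ext}{note}")
```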

What Factors Influence the Price of Life Insurance?

The first few things that are taken into consideration are your age and your gender. 

Beyond that, the big factor is whether or not you use tobacco. Someone who uses tobacco in any capacity is likely going to pay a higher premium than someone who doesn’t. 

Beyond tobacco use and your age and gender, your health history does play a role. 

If you suffer from any sort of a terminal illness, you likely will not qualify for life insurance. On the other end of the spectrum, if you’re very healthy, you should qualify for a better rate.

What Insurance Is Needed When Starting A Small Business?

I’m starting a small business. What insurance do I need? 

When starting a small business, most of the time, money is pretty tight and price is a major consideration when deciding to buy anything. Usually, and unfortunately, insurance is pretty much always close to the bottom of the list. 

At a bare minimum, you do need to consider the purchase of any insurances that are mandated or required by the state that you’re in, and the industry that you’re practicing in. 

In my opinion, the most common required insurance in Pennsylvania is workers compensation. If you have employees, you need a workers compensation policy to cover them in the event that they are injured on the job. You should have this in place on the day you open up shop. 

Next, you should think about protecting yourself and the assets of your business. This can usually be accomplished with the purchase of a business owners package, which would include general liability coverage and coverage on the business personal property. 

General Liability protects you against negligence claims, and the business personal property actually protects the property of the business. Depending on the amount in your specific industry, these small business packages can be purchased starting at $500. 

Again, a lot goes into pricing and the pricing will vary. There are several other coverages that you need to consider and review, such as employee benefits, health insurance, professional liability insurance, cyber insurance, bonds, and crime policies, just to name a few.

But if you’re just starting out, you need to make sure you address the first three items that we talked about – workers compensation and a small business owners package, which provides general liability and business personal property coverage.

What Is An ERP?

In the world of professional liability insurance, ERP stands for an extended reporting provision.

This usually comes in the form of an endorsement, and it usually occurs in a few situations:

  1. In the event of your death
  2. In the event of your retirement
  3. Your entity dissolves

With a claims made policy, you need this extended reporting period provision to be issued, so your prior acts or your past professional services are covered under the last policy that you purchased.

How Is My Legal Malpractice Insurance Premium Price Determined?

When underwriters look at a risk, there are several factors that come into play in the pricing portion of the process.

A couple of the major driving factors or driving forces are:

  • How long have you actually carried insurance?
  • How long have you actually been practicing law?
  • What type of law do you practice?
  • What areas do you play in?
  • Have you ever had a legal malpractice claim?
  • Do you really care about risk management?
  • What kind of risk management techniques do you have in place in your office?

These are all things that an underwriter will look at that will either cause your premium to go up or cause your premium to go down.

New Insurance Type at INF for Small Groups

Usually I write about lawyers, legal malpractice insurance policies, coverage pricing, and some risk management ideas. But in this article, I want to talk to you about a different kind of coverage. 

As a matter of fact, it’s a coverage I just recently purchased for my office. It’s commonly referred to as small group benefits. This is a benefits package that protects the office with life insurance and disability insurance for the employees. There are a number of different benefits that can qualify under this small benefits insurance package including long term disability, short term disability, accident insurance, vision insurance, and dental insurance. 

The reason why this is an important topic is because usually, when you think about group insurance, you think about insurance for larger groups. This was true years ago when you couldn’t get a group policy if you had less than 10 employees. So this coverage was really pretty much exclusive for groups larger than 10 people… but not anymore. Now, if you have a group of two or more people, you’re eligible for the benefits. 

There are several different, what I call, beauties in the package and one of them happens to be guaranteed acceptance. This means that for you and your employees, you don’t have to worry about completing a health insurance application or worry about your past health as your acceptance is guaranteed up to a certain maximum benefit limit. 

The other beautiful thing about this is that all of your full time employees are eligible for it. So they’re not going to pick and choose, okay, we can only have these two people or these three people or this one person – no, all of your full time employees are actually eligible for the program. 

The other item that I want to bring up is that it is a high-tech administration where everything is pretty much done online. Your employees will have access to a portal that they can go on where they can see what their life insurance benefit is, what their disability benefit is, what their vision coverage is. It’s all online, it’s all done with a snap of a finger for  your employees. This is a great thing. 

The other nice thing from an employer perspective is that you can actually pay the premium online on a monthly basis. That’s what I like about it – I didn’t have to come up and stroke a check for $1,000 for the year or 2500 bucks for the year.

Whatever that premium is, you can actually pay for it monthly, making it very affordable. It’s a great benefit, your employees will really appreciate it and if you’re an old person like me, you’ll enjoy it because you know that the premiums will be a little bit less than what I think you’re used to seeing when it comes to life and disability.

If you’re interested or have any questions with regards to the program, shoot me an email or give me, Don Ivol, a call at 412-563-2106.