Each week I send out a 2-minute cybersecurity quiz and it recently occurred to me that many of my subscribers don’t really understand the cyber threat landscape in-whole and the various potential risks that exist. To help, here’s a short list and explanation of the cyber threats I’ve quizzed you on and that you should be aware of:
- Viruses from ground USB sticks – find a USB and pick it and all day long you’ll have good luck. Well replace the word “USB” with “penny” and change “good” to “bad” and it (of so I know the logic doesn’t work but it’s funny) will be closer to correct. Hackers use social techniques like “lost” USB sticks to spread their malware and steal data. Don’t fall for it.
- Drive by viruses from non-work related web sites – not all web sites are safe and your curious searching clicks could land your firm in a world of hurt. To be safe, don’t go to sites you aren’t familiar with using your work computers.
- Email phishing scams – probably the most popular way firms are hacked. Hackers send you a super-legit looking email with a link or an attachment tricking you to click on it or open it and BAM!!! you’re whole firm is brought to it’s knees for days.
- Employee info theft/sales – yep, it’s true, people steal a. I’ve seen it happen too many times and from the least likely people. In fact some criminals actually bounce from firm to firm and job to job stealing data from every place they can and sell it to augment their incomes. Background checks!!!
- Data destruction by disgruntled employees – angry people do things when they get mad including deleting data or sending it to people they shouldn’t.
- Spear phishing – law firms tell who their staff are and the kind of work they do on their web sites. With a little work on LinkedIn, hackers can find who could approve wire/bank transfers and actually trick them into doing it. I’ve seen at least 6 times in the last 2 years where it’s been done. Once was for $400,000. No kidding. Money gone.
- Lost/stolen phones/laptops – without passcodes and/or data encryption it’s easy to get client confidential data off these if they’re lost or stolen.
- Vendor data mishandling – we all know the old copier hard drive story and how they were storing data on them without your knowledge. Law Firms use many outsourced providers and rarely “certify” them or even have them sign NDA/Confidentiality agreements.
- Employee data mishandling – using Dropbox or other web services without firm knowledge and/or approval.
These are just a few things you, as a law firm staffer should be aware of and stay educated on. Thanks for taking the quizzes.
If you’re not signed up for my weekly Cybersecurity Quizzes, you can do so here – www.legaltech180.com/free-cybersecurity-quiz. The quizzes only take about 2 minutes/week and getting them right is not as important as becoming aware of the threats. It’s such an easy way to educate, I’ve had firms of 150 staff sign up the whole firm.