3 Reasons Why Hackers Target Law Firms

A lot of law practices think they are immune to attacks because they’re so small, compared to huge corporations that have more data to hack. However, the truth is that your Connecticut or Massachusetts law firm is at risk just as much as Target, Sony, or Walmart.

It’s important to take measures to keep your law practice data safe; otherwise, you risk losing your valuable data to a hacker and destroying your reputation or client confidentiality in the process. Chances are that your office will be targeted if you don’t take preventative actions.

Here are three reasons why law firms are at the top of a hacker’s hit list:

 

Legal Practices Have Tons of Sensitive Data

Law firms have copious amounts of sensitive data ripe for the picking. Huge surprise! From employment contracts to medical files, attorneys and their paralegals work with sensitive information on a daily basis, which attracts hackers to the business.

According to John Sweeney, President of LogicForce, “Law firms are the subject of targeted attacks for one simple reason. Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”

The typical law firm has employee records with social security numbers, financial records like credit card numbers, and some even have health records on file that fetch a handsome price. Hackers take this information and sell it on the black market, which makes it a lucrative source of revenue for cybercriminals.

 

Law Firms Have Limited Cybersecurity Knowledge

While large corporations have the funds and personnel available to enact strict security protocols and regulations, small and medium-sized law practices don’t. Instead, attorneys rely on their staff’s limited knowledge of cybersecurity to protect their data.

According to the Verizon Data Breach Investigations Report, 61% of breaches hit smaller businesses last year, up from the previous year’s 53%. Given the attention directed towards the recent high-profile hacks, like Target and Equifax, you probably wouldn’t have guessed how vulnerable small businesses really are.

Law Offices Are Vulnerable to Phishing Attacks

Hackers are pretty methodical and don’t like to take unnecessary risks. Law firms are often targeted by pinpoint phishing tactics, where a hacker attempts to steal credentials by posing as someone with authority in your firm. They might impersonate your IT technician or a vendor in order to obtain credentials for internal access or specific documents. Another way they target firms is by sending an email impersonating someone you trust and asking you to download or open an attachment that gives them access to your data. Worse yet, this type of activity makes it extremely difficult to trace the cybercriminals, which makes it a lower-risk way for them to break into computers.

Even though law firms are prime real estate for hackers, it actually doesn’t take that much to proactively secure your computers, servers, and network. Proactive monitoring, updated antivirus, data breach response plans, updating operating systems, employee training, data encryption, email spam filtering, enterprise-grade firewalls, and two-factor authentication are just a few ways to dramatically decrease the potential of a hack affecting your law practice.

If you don’t have an IT firm to help you with all of these services and lock down your law firm’s IT security, give us a call at (860) 785-6233 to learn how we can help.

4 Technology Issues That Law Firms Trip Over

It’s already a handful to manage your legal practice without technology issues causing roadblocks in the day-to-day operations. When an issue with your office’s computers or servers does pop up, it produces a frustrating experience for both attorneys and employees alike.

Here are the top 4 common technology issues that we’ve seen small businesses trip over more than they should:

1) Data Leaks and Security Holes:

With an ever-increasing number of law firms handling valuable client data, many attorneys tend to slip into a false sense of security by assuming that they will be overlooked because of their small size. As a result, your law firm may have substandard or completely outdated security solutions and procedures that are simply not adequate to protect your clients’ data. Leaving your law firm vulnerable can damage your reputation and, by extension, the business itself. It is a disaster waiting to happen, not to mention the downtime it will cost you. After all, if you were doing business with another attorney and their lax security allowed your credit card information or legal documents to be compromised, would you want to continue using them?

The truth is that small business is big business to hackers. In fact, the Small Business Committee states that “nearly 60% of small companies go out of business following a hack and 71% of all cyber assaults occur at businesses with under 100 employees”, which includes law firms.

Easy Fixes: Have the proper antivirus in place, update your operating system often, make sure your enterprise-grade firewall license is up to date, and follow PCI compliance requirements if you accept credit cards. There’s a lot more that goes into having the proper cybersecurity, so ask your IT firm to provide a full cybersecurity audit or an onsite vulnerability inspection for your law office.

2) No Backup

It’s incredible how many attorneys don’t think about their data and its storage. Stop and think about your law firm right now. If all of your data were deleted from your computers or servers 5 minutes ago, would you be able to start over?

According to Forbes, “more than 40% of businesses never reopen after a disaster, and for those that do, only 29% were still operating after two years. And guess what likely becomes of those that lost their information technology for nine days or more after a disaster? Bankruptcy within a year.”

While data loss can easily be avoided with the right solutions, too many law firms either find it an unnecessary expense or simply aren’t as diligent with their backup as they need to be. The best solutions are those that take incremental snapshots of the data every few minutes and store the data off-site, preferably in a secure cloud environment.

Also, an unmanaged, unmonitored backup is about as good as having no backup solution at all. If it’s not being maintained or tested, you have no idea if it’s even doing its job. Here at Encompass IT, we’ve met with many an attorney who 100% believes that their backup is working, only to find out upon inspection that it’s not backing up to the right place or was never set up properly at the start.

Easy Fixes: Get a properly managed cloud backup solution, with quality checks and disaster simulation exercises. Even if you’re positive that your backup solution is working, have your trusted IT professionals check to make sure it’s set up and working correctly.

3) Inadequate Hardware and Software:

Most law firms believe that it only makes sense to delay buying new hardware and software until they absolutely need it. However, this risky strategy will most likely end up costing you more in the long run. Why? Well, as computers and servers age, not only is it harder to repair old hardware, but the components become harder to find and go up in price, following the simple economic laws of supply and demand.

From a cybersecurity standpoint, it also becomes extremely dangerous to neglect updating software and operating systems, since updates are how developers patch vulnerabilities and glitches.

Also, it may become drastically more difficult to move data from an ancient version of an application or database that is several iterations behind, even if the software developers provide tools and instructions.

Easy Fixes: Replace computers every 3-5 years and replace your server every 4-6 years. Update your operating system and software applications as often as you can.

 

4) Insufficient IT Support:

Think about how many staff members you currently have as an IT resource in your law firm. More than likely, your average employee or paralegal isn’t equipped to troubleshoot company-wide email outages or properly service the technology equipment in your office. Your current in-house resources probably aren’t enough to provide your computers and servers the care they need to drive your law firm onward. So what do you do?

Instead of hiring an in-house IT guy and starting your own IT department, there may be a better, more cost-effective solution: a managed IT service provider. A solid MSP will ensure that your infrastructure and software solutions are optimized for your specific law office, as well as maintain security and backup solutions. They will also be there to answer any employee questions or troubleshoot those computer issues that crop up and devour your time.

If you don’t currently have an MSP to assist you with these four common technology issues that trip up many law firms, the Encompass IT team can be that MSP for you.

Give us a call at 860-785-6233 for a free IT inspection of your current IT setup and see if a Managed Service Provider (MSP) makes sense for you.

Cybersecurity Threats Every Attorney Must Thwart

It’s all over the news channels: data breaches and hackers wreaking havoc. Cybersecurity threats are everywhere, and it doesn’t help that there are multiple kinds of threats designed to attack in various ways.

Here’s a quick overview of the different types of malware and threats that every law firm should know about, and the sort of damage they can cause:

  1. Viruses: This threat is actually a computer program that is designed to infect other programs in order to spread. Side effects include altering your data in some way, either by stealing it, corrupting it, or completely deleting it, all usually without you noticing.
  2. Spyware: This cybersecurity threat provides a hacker with an inside peek into a victim’s systems. It allows them to design a specific attack that is more likely to succeed, based on the behaviors and habits of a user.
  3. Computer Worm: As computer worms inch their way through your network, they infect as many of your devices as possible, including phones, tablets, computers, and servers. Encouraged by the number of connections the typical PC has to the outside, they try to spread their malware payload to as large a radius as possible. Side effects include reduced usability of your systems, as they copy themselves until your disk space and bandwidth are at capacity.
  4. Rootkit: When accidentally installed, a rootkit provides an attacker with administrator access to a computer or network, which allows them to install more malicious programs or change vital settings on the computer to render it useless.
  5. Trojan Horse: Named after the wooden horse of ancient Greece, this type of threat contains malicious bits of code that are disguised as a legitimate computer program. Once inside your device, side effects include the introduction of a keylogger to capture typed passwords on your computer or manipulation of a webcam.
  6. Keylogger: These are malicious programs that record the keystrokes a user types on their keyboard. They are extremely useful for hackers who are trying to gather login credentials for their target’s accounts, such as bank accounts or email accounts.
  7. Phishing: This method of attack is used to gather credentials from targets by tricking the victim through impersonation. Most often, this is demonstrated by email scams that have links to malicious websites with sign-in forms that often appear legitimate. A phisher might take a direct approach and pose as a trustworthy person through email correspondence, asking for passwords or providing unsafe website links.
  8. Botnet: This threat is comprised of a web of interconnected computers that are infected and controlled by the malware distributor. Often called “zombie computers”, these computers are then used to further other attacks.
  9. DDoS (Distributed Denial of Service): These attacks are often the most damaging, as botnets and other types of malware are combined to assault a system with a large amount of traffic until it is rendered unusable, or temporarily disabled. While the system is trying to keep up with the amount of traffic, the hacker can steal any data they please.
  10. Exploit: This threat takes advantage of a particular, unpatched vulnerability in a system. By regularly updating your system, you can cut down on the number of these attacks, but vigilance is the best way to stay ahead.

This is by no means a comprehensive list of every single cybersecurity threat out there, but it reinforces the fact that legal practices need to pay attention to their technology. Since we rely so heavily on technology to run our businesses, it makes it all the more important to know that you’re protected and can easily recover from the disasters these malicious programs can cause.

 

If you think that you’ve been infected by one or more of these 10 cybersecurity threats, definitely alert your IT firm and make sure you have the proper antivirus in place.

 

Here at Encompass IT, we provide enterprise-grade antivirus and remote monitoring services to protect your law firm.