The Trial Lawyer Summer 2022 | Page 21

6 STEPS TO PROTECT YOUR LAW FIRM FROM CYBER ATTACK
payment to the plaintiff’s firm via electronic direct deposit to Haggard’s bank account with Wells Fargo, following the email instructions they had received from what they believed was the professional email address of one of the Haggard lawyers. UPS received a completed ACH form and payment instructions on bank letterhead from the Haggard lawyer’s email account and made payment as directed — only Haggard Law never received the funds. Apparently, cyber attackers had hacked the law firm’s email system and sent false instructions to UPS, directing the funds to a fraudulent bank account. Wells Fargo was able to recover most but not all of the funds and forwarded them to the plaintiff. But the plaintiff and the Haggard firm filed suit against UPS for the remaining settlement funds. UPS is arguing that The Haggard Law Firm failed to maintain adequate cyber security, among other claims, and that they shouldn’t have to pay the settlement twice. UPS is seeking a Declaratory Judgment, and the case is pending. This will be an interesting case to watch in the coming months — but it shows us how vulnerable law firms are to cyber-attack.
While there’s no foolproof way to completely protect yourself and your law firm from online attacks, it’s important to 1) understand that the risk to your law firm is valid, 2) identify where your law firm may be at risk, and 3) take reasonable proactive measures to minimize your firm’s risk from the most common areas of cyber-attacks. Cyberattacks can take many forms and are constantly evolving, but the best defense is knowing the most common cyberattack forms like malware, viruses, ransomware, and phishing.
Common Forms Of Cyber Attack
Malware is an umbrella term for malicious software that aims to damage your computer, server, and network.
Viruses and ransomware are also considered types of malware. Viruses can infect your computer, as well as other devices, leaving your system vulnerable. Ransomware works like a virus but is usually delivered through a phishing email and essentially holds your system hostage until a ransom is paid.
Phishing is a type of scam that tricks people into clicking links that appear legitimate but are actually malicious. Clicking a link infects your device with malware. Once your system is invaded, cybercriminals can attempt to steal sensitive information. Phishing falls in a wider category of social engineering, meant to deceive individuals into disclosing sensitive information or clicking a malicious link.
Based on my research and interviews with top cyber security experts, there are six things you can do to avoid cyber-attacks on your law firm’s data.

1. Secure your wi-fi networks — Make sure your network is protected. Securing your wi-fi network will ensure that both you and your employees will have a secure connection while working online. You can secure your wi-fi networks by using a VPN to encrypt Internet traffic that passes through, using a firewall to block cybercriminals, and using a host intrusion prevention system (HIPS) to detect and block cyber attacks.
2. Initiate automated remote backup and data recovery — Use an automated remote backup and data recovery system, which will allow you to save and store an extra copy of all your data safely. Thus, in the event of a data breach, you’re prepared, and your data is safe.
3. Implement role-based access control — RBAC is the act of assigning limited access to your law firm’s information based on an individual’s specific role in the law firm. Limited access means that even if a single employee’s information and access are exploited by a scammer, not all of your law firm’s information can be stolen. It provides a layer of protection and built-in damage control.
4. Multi-factor authentication (MFA) — Multi-factor authentication is an important way to secure all your data and accounts. In the event that an account’s password might be stolen somehow, the account cannot be accessed without approval from a second source, usually by receiving a special code from the account owner’s phone. It’s an extra layer of protection, making it that much harder for scammers to steal information from accounts.
5. Get cyber security liability insurance — As one of our current Mastermind members knows all too well, purchasing cyber security insurance is critical. For them, it was $4,400.00 well spent — saving them from a $950,000 liability. You should check with your local liability insurance carrier to add on a cyber security insurance rider to your existing liability policy.
6. Familiarize all employees with the best practices for cyber security — One of the most important ways to defend your law firm from cyber attacks is by making sure all your employees can spot red flags of scams when they see them. The best way to effectively educate your employees is by providing them with a clear cyber security policy that outlines the risks, the defenses in place, and the steps they can take to protect themselves and your law firm’s data.