
How Does The Recent Facebook Hack Affect Law Firms?

With Halloween this week, we just couldn’t help ourselves. We had to take a look at this scary story of Facebook’s recent cyber hack of the century. The recent Facebook hack directly compromised an estimated 50 million Facebook accounts – including those of its bigwigs Mark Zuckerberg and Sheryl Sandberg.

Add the other 40 million at-risk accounts, and this breach becomes the largest the social networking site has ever experienced.

This hacking incident reminds us of the absolute, non-negotiable, growing need for Cyber Security Awareness. You won’t want to miss our next all-too-relevant webinar, Cyber Fortress: How To Protect Your Data Empire, featuring data protection expert Michael DePalma. We have a few spots left, so be sure to reserve your spot now!

It’s also the most dangerous yet, as the still unknown hackers have taken users’ access tokens, which allow them to go on a data acquisition spree that goes beyond your personally identifiable information (i.e., name, email, phone number, etc.).

Access tokens also give hackers access to your granular profile data, which include more specific information such as your gender, current city, birthday, work history, last 10 Check-Ins, and 15 most recent searches.

Should Law Firms Be Worried About This Recent Facebook Hack?


Yes. For the sake of survival, law firms should be on high alert about this massive Facebook hack.

Because hackers stole access tokens, they can easily exploit Facebook’s single sign-on feature. This means that if you’re using your Facebook account as your login for other apps, hackers can also take over those accounts.

And once they do, they can launch a slew of specially crafted cyber attacks targeting your firm’s highly sensitive information.

Business Email Compromise Scam

Also known as CEO Fraud, this is a scam in which hackers use social engineering to trick you into wiring payments or giving away confidential information through email.

They often pose as a superior, vendor, or client: someone a regular employee wouldn’t dare question even when the request is highly questionable. And to create an overwhelming sense of urgency, hackers use social media to make ceaseless follow-ups, which makes the request more plausible and the scam more convincing.

An example of a BEC scam is the 2016 hack on U.S. law firms Cravath Swaine & Moore and Weil Gotshal & Manges, wherein four Chinese hackers made more than $4 million from insider trading using the sensitive financial information they gained through the partners’ emails on the Intel Corp and Pitney Bowes Inc. merger.


Law firms are increasingly becoming a target for hackers and scammers because of two things – weak cybersecurity and valuable information.

A cybersecurity report revealed that 40% of law firms have experienced a hack and didn’t even know about it. That is an unsettling statistic given that law firms hold highly sensitive financial information, intellectual property, and a ton of personal data.

Once they gain entry into your system, hackers can sell your data on the deep web, to your competitors, or even back to you through a ransomware attack.

The multinational law firm DLA Piper experienced this firsthand when it was hit by malware that held its entire network hostage for more than two weeks, sending its operations back to the stone age.

Hackers demanded a $300 ransom in Bitcoin or roughly $2 million – or they’ll wipe their system clean.

While DLA Piper was able to restore their system without paying the ransom, the real damage has been to the firm’s reputation and its ability to keep their clients’ information secure.


One word: Tinder.

Because hackers took access tokens from the latest Facebook hack, apps that use Facebook’s single sign-on feature are, in effect, already compromised.

Hackers can use private photos and messages to threaten an employee or intern in order to steal a law firm’s confidential information. Or worse, they can blackmail a partner and strong-arm that person into acting against his own client’s interest.

Similar to ransomware, blackmail can deal long-term damage to a business or a person’s career.

What Can Law Firms Do To Protect Their Data Against This Facebook Hack?

Hire A Dedicated Managed Services Provider

The fact of the matter is, it’s more profitable for hackers to exploit networks that failed to update their systems than to spend their time cracking through a well-secured system.

This means data breaches are entirely preventable if only law firms would take their cybersecurity seriously and invest in a dedicated managed services provider.

With a managed services provider, law firms are guaranteed to have:

  • A regular systems update to patch all vulnerabilities.
  • A training program for employees and managers to quickly identify possible cybersecurity threats.
  • A data protection strategy that’s specific to your firm’s needs.
  • A post-attack data recovery plan to prevent debilitating downtime.

Regularly Audit Your Office-Provided And Personal Devices

There’s no such thing as “cautious enough” when it comes to protecting your data.

Aside from a regular device audit – software update, system clean-up, device logins – you can also sign up for login alerts for quick notification of any signs of intrusion.

And if you suspect that you’re a victim of the recent Facebook hack, immediately go to your Account Settings and force log out all suspicious devices.

Always Enable Two-Factor Authentication

Just ask the Zuck, who learned this the hard way when his Pinterest, Twitter, and LinkedIn accounts got hacked because he failed to turn on his accounts’ two-factor authentication.

While there was no severe damage (aside from a bruised ego), the Saudi-based hackers, OurMine, didn’t forget to get cheeky and defaced Zuckerberg’s profiles with a message saying, “Don’t worry, we are just testing your security.”

If you want to know more about how a managed services provider can beef up your law firm’s cybersecurity and keep your data safe against hacks, read our post on Why Managed Services For Law Firms Makes Sense For Cyber Security And Data Protection, and be sure not to miss our upcoming webinar on exactly these matters – Cyber Fortress: How To Protect Your Data Empire, featuring data protection expert Michael DePalma. We have a few spots left, so be sure to reserve your spot now!
