“We regret to inform you, but your financial data might have been stolen.” It’s a scene straight out of your worst nightmare. It’s something that giant auditing firm Deloitte and a small Connecticut-based accounting firm had to deal with when they were hacked. Data breaches affect firms of all sizes, reiterating that the need for stronger cybersecurity for accounting firms is more real — and pressing — than ever.
Why do hackers target law firms? Simply put, the weak cybersecurity of law firms makes them an irresistible, lucrative, and easy target for hackers. Not only are they a goldmine for highly sensitive corporate, financial, and personal data, but most firms also aren’t prepared to fight off such attacks.
Hackers target law firms with a vengeance. According to an ALM Legal Intelligence cybersecurity report, 95% of corporate counsel agree that cyber-attacks are becoming more frequent. But most law firms continue to ignore the threat, with nearly one-third not undergoing any formal information, cybersecurity, and privacy assessment.
Just take a look at what happened to global law firm DLA Piper, who, after proclaiming themselves experts on cybersecurity (even offering their services to affected companies through their 24/7 Rapid Response hotline), fell victim to a massive ransomware attack. Ouch.
For days, they were unable to access their files and had to revert to good ol’ fashioned texting to manage the law firm’s operations. And with companies losing anywhere from $300,000 to $1.7 million every hour of downtime, it’s not surprising that the firm is still reeling from the attack.
If this year taught us anything about technology, it’s that you should really focus more on protecting and securing your data. No matter how far digital technology has evolved, and no matter how advanced today’s tools seem to be, they will remain vulnerable to a lot of different factors. So we thought this IT and tech checklist could help you achieve just that.
Let’s put it this way. Even unicorns exist in Google. So there’s absolutely no reason for your law firm not to have an active online presence. That’s just how important social media for law firms is. Period.
And if done right, a law firm’s social media presence will prove to be a strategic business decision that results in tangible and highly profitable gains.
What we all do behind closed doors is our business, right? This “Aaron Smith” Sextortion Scam suggests otherwise.
Imagine this (or maybe you don’t have to imagine, if you’re a business owner in the Triangle area):
You open your inbox, and some guy named Aaron Smith in broken English says something to the effect of,
“Hey, I hacked into your computer while you were on adult website X, I turned on your webcam and recorded you and your screen, and if you don’t pay me $5000, I’m going to post this video on your Facebook feed and show your aunt Martha, your boss’s wife and everyone else in your world.
I have your information, I know your password is Rover050467.”
Yep. This latest scam/internet con/email phishing attack is called “Sextortion” because its whole tactic is based around threatening to share what you do in private with all of your peers. This one’s a doozy, to say the least.
If you’re not signed up yet, attending our next webinar, Cybersecurity: How To Protect Yourself And Your Business From Data Breaches, on Tuesday, November 13, from 1:00 – 2:00 PM is an absolute must.
Let’s dive into this debacle of a threat so you can learn how to protect yourself from this fantastically embarrassing (and clever!) email phishing attack.
With Halloween this week we just couldn’t help ourselves. We had to take a look at this scary story of Facebook’s recent cyber hack of the century. The recent Facebook hack directly compromised an estimated 50 million Facebook accounts – including those of its bigwigs Mark Zuckerberg and Sheryl Sandberg.
Add the other 40 million at-risk accounts, and this ranks as the largest breach the social networking site has ever experienced.
Got A Cool $1.6 Million To Burn? CEO Fraud And The Repercussions To A Business Like Yours
Here’s how you can lose $1.6 million from one email…the timeline goes something like this:
- A short and simple email arrives from your boss, asking you to immediately send a large sum of the company’s funds to a new bank account, supposedly given to him personally by the supplier.
- You notice a few spelling errors, here and there. But it’s your boss, so you decide to let it go. You’re a little bit suspicious though of a supplier going directly to your boss instead of through you at accounting.
- You decide to ignore it for now. You want to confirm with the supplier first. But then you start to worry that your boss might find out that you didn’t believe his email, so you decide against it.
- You remember watching a funny TED video about this guy replying to spam, so you decide to check with your IT department first to make sure you’re not giving away money to some Nigerian prince.
- But before you can, you receive another email from your boss, asking what’s taking you so long to transfer the funds. You think about how he rarely contacts you. But he’s contacting you now for this particular transaction, so it must be important.
- You notice another spelling error. Glaring this time. But the boss – the one who hasn’t sent you an email for the two years you’ve been in the company – has emailed you twice now. Twice.
- So with the overwhelming need to impress your boss, you go against all common sense, and you make the transfer.
…And that’s how you lose millions of dollars from a poorly spelled CEO Fraud email.
Before you say you’ll never be one of those people who gets suckered into giving money to a Nigerian prince, just know that a sophisticated version of this phishing email scam took tech giants Google and Facebook for over $100 million.
Yes. Google, a seller of security keys marketed as “the strongest, most phishing-resistant authentication factor for high-value users” and Facebook, a survivor of 600,000 cyber attacks every day, gave money to a Nigerian prince.
In this case, to a 40-something Lithuanian man named Evaldas Rimasauskas, who ran a sophisticated CEO fraud scheme, which involved him impersonating a large computer parts manufacturer using fake email addresses, forged corporate stamps, and phony invoices.
It took two years before anyone even discovered that they were being conned.
More than 1,000 data breaches were reported to the North Carolina Department of Justice in 2017. Since 2005, when North Carolina law began requiring businesses, state governments and local governments to report security breaches, there have been nearly 5,000 breaches reported. And those breaches have impacted more than 14 million residents who call North Carolina home.
Secure file sharing is an essential part of keeping your business safe. We’ve always known security is important, but with the increased volume of connected devices and personal devices entering the workplace, it’s faster and easier to share company information. The ease and convenience of accessible data is great, but protective measures still need to be in place surrounding what’s coming in and what’s going out of company walls.