Cybercrime: An Ongoing Threat to Law Firms

In the most recent issue of Law Practice Today, Sheri Davidoff describes how hackers exploit weak security measures to steal from you and your clients. The most common targets: your email, logins, and files.

Email hacks

Once a hacker gains access to your email, the attacker may download your entire mailbox, set up a rule to forward your messages to their own account, or use email content to begin victimizing clients.
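
A defender's check for the forwarding-rule behavior described above, as an added example that is not part of the original post: it scans an exported list of mailbox rules and flags any that forward or redirect mail outside the firm's own domains. The rule format, field names, addresses and sample data are constructed for illustration; adapt them to whatever your mail platform exports.

```python
import json

# Constructed sample: hypothetical rule export (field names are assumptions).
SAMPLE_RULES = json.loads("""
[
  {"mailbox": "partner@examplefirm.test", "name": "File newsletters",
   "actions": [{"type": "move", "folder": "Newsletters"}]},
  {"mailbox": "partner@examplefirm.test", "name": ".",
   "actions": [{"type": "forward", "to": ["archive.box@mailhost.example"]},
               {"type": "delete"}]},
  {"mailbox": "assistant@examplefirm.test", "name": "Copy to paralegal",
   "actions": [{"type": "redirect", "to": ["Paralegal@ExampleFirm.test"]}]}
]
""")

FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}


def domain_of(address):
    """Return the lower-cased domain part of an email address ('' if none)."""
    return address.rsplit("@", 1)[-1].strip().lower() if "@" in address else ""


def find_external_forwarding(rules, trusted_domains):
    """Return one finding per rule that sends mail to an untrusted domain."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for rule in rules:
        actions = rule.get("actions", [])
        external = sorted(
            addr
            for action in actions
            if action.get("type") in FORWARDING_ACTIONS
            for addr in action.get("to", [])
            if domain_of(addr) not in trusted
        )
        if external:
            findings.append({
                "mailbox": rule.get("mailbox"),
                "rule": rule.get("name"),
                "external_recipients": external,
                # Forward-then-delete hides the copy from the mailbox owner.
                "deletes_original": any(a.get("type") == "delete" for a in actions),
            })
    return findings


if __name__ == "__main__":
    print(*find_external_forwarding(SAMPLE_RULES, ["examplefirm.test"]), sep="\n")
```

Any finding deserves a call to the mailbox owner: a rule they do not remember creating is a strong sign the account has been accessed by someone else.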

Preventive steps

Use proper passwords

Pass phrases (sentences) are the best. Otherwise, choose passwords at least 14 characters in length that contain symbols and numbers. It is critical to create a unique pass phrase or password for each login to limit the scope of a security breach. Do not share them. Do not write them on sticky notes posted to your monitor. A password manager can make the job easier.

Turn on two-factor authentication

This sounds fancy and, if you’re not familiar with it, intimidating. It is neither. Log in as usual, have your smartphone or cell phone handy, and enter the code texted to you to complete your login. It’s that easy.

Biometrics

You can use your face or your fingerprint to log in if your device or software supports it. A quick Google search generates pages of “pros and cons” posts, which I will avoid repeating here.

Limit substantive content in email

Consider limiting what you say by email when the information is sensitive. Pick up the phone or send the client a message prompting them to log in to your secure client portal instead. As Davidoff points out in her post, “Hackers commonly search your correspondence for ongoing conversations of interest—such as a real estate purchase or other upcoming financial transaction. Then, they actively monitor these conversations to maximize their ability to intercept a payment.”

Malware and ransomware abound

The most likely way to get infected with malware or ransomware is to click on a suspicious attachment or link. Use common sense before you click, and if in doubt, don’t, even if the message appears to come from a trusted source. Pick up the phone or compose a new message and ask the sender if he or she sent the email. (Don’t ask by forwarding the suspicious message – you are only spreading the threat.)

The US Department of Homeland Security has valuable tips on combating malware and ransomware. Also, take a few minutes to peruse the resources available at the ABA Law Practice Division (search: “malware”) or check out the Professional Liability Fund CLE, Data Security/Data Breach: What Every Lawyer Needs to Know to Protect Client Information.

All Rights Reserved 2019 Beverly Michaelis

Phishing Scam Hits OJD Users

Here are the details.

Streamline, Organize, and Improve Your Office

Be more productive

What if you could improve workflows? Leverage technology and automation to save time? Overcome procrastination? You can with Practical Time Management. This CLE offers over 30 ideas and strategies to help you take control of your workload, manage your busy schedule, focus on your priorities, and make your workday more productive. Accredited by the Oregon State Bar and available in audio and video format here.

Harness best practices

Not sure whether your firm is applying best practices to key office operations? Learn about automating client intake, documenting representation, modernizing the engagement process, and more in Best Practices for Client Intake, Engagement & Workflow. Combine this program with Best Practices for Docketing, Conflicts, Disengagement & File Retention to cover your bases.

Watch each CLE over lunch and earn 1.0 General/Practical Skills MCLE credits. Available now at On Demand CLE.

Get jiggy with eCourt

Understand common eCourt mistakes and master electronic service with eCourt Malpractice Traps and Oregon eService. Topics include: relation back of filings, UTCR amendments, upgrades to Odyssey eFile & Serve software, 12 common eFiling errors, key eCourt resources, using eService, service of process in the eFiling world, identifying eService exceptions, service contact issues, service by email, and courthouse dos and don’ts.

Trust Accounting – basic and advanced

From managing bank charges and avoiding impermissible cushions to reporting overdrafts and addressing client fee disputes, Trust Accounting Fundamentals covers all the basics of how to properly operate your lawyer trust account.

Want to delve deeper into the ethics of IOLTA? Advanced Trust Accounting will show you how to safely manage wire and EFT transfers, use layaway payment plans, collect “first and last month’s rent,” manage evergreen retainers and hybrid fee agreements, receive third party payments, barter legal services, pass on credit card transaction fees, handle unclaimed funds, respond to garnishments and liens, disburse settlement proceeds if your client is missing, and more – believe it or not!

Lucky 13

You’ll find 13 programs and a free eBook at on demand CLE. If it concerns law office operations, you’ll likely find it covered here.

Details for the detail minded

Q:  What does my on demand CLE purchase include?
A:  MP4 (video file), M4a (audio file), written program materials with presentation slides and resources, answers to polling questions addressed during the live CLE, MCLE Form 6 for self-reporting of MCLE credits.

Q:  How are the video and audio files delivered?
A:  Digital files are delivered instantly at checkout with your purchase confirmation email (look for the link). Download, stream, save to your Dropbox account, or send files to your mobile device or desktop computer.

Q:  How much do CLEs cost?
A:  On demand CLE programs are $25. The eBook, Tips for Improving Client Relationships, is free. All transactions are handled by Selz and protected with industry standard security, including encryption. The Selz platform is also PCI compliant. Visa, MasterCard, American Express, and Discover accepted.


Imposter Fraud

Imposter fraud is perhaps the most common type of scam encountered by lawyers. As the FTC warns, it comes in many forms. Scammers pretend to be computer technicians, IRS officials, your banker, a client, or a law firm vendor. They may even pretend to be you!

No matter the method, the goal is always the same: to use social engineering to manipulate you into sending money. Here are nine tips from Webroot on how to avoid falling prey to phishing, vishing, and SMShing scams:

  1. Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.
  2. Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
  3. Don’t let a link be in control of where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.
  4. Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of people’s email accounts (and other communication accounts) has become rampant. Once they control an email account, they prey on the trust of the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment check with your friend before opening links or downloading.
  5. Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
  6. Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money it is guaranteed to be a scam.
  7. Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
  8. Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
  9. Secure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date. Set your operating system to automatically update, and if your smartphone doesn’t automatically update, manually update it whenever you receive a notice to do so.  Use an anti-phishing tool offered by your web browser or third party to alert you to risks.
