How to Protect Your Law Firm Against Phishing and Other Cyber Threats

August 21, 2018

Lawyers, business professionals, and everyday people agree that email has changed the manner in which we live.  Take email away from attorneys and their productivity would come to a grinding halt.  Though email certainly has its merits, this technology has also created an avenue for digital attacks to target unsuspecting victims.  In particular, phishing scams are a major cyber threat.  Nearly every attorney will eventually be targeted by a phishing scam.

 

How to Identify Phishing Scams

Phishing scams are challenging to identify for most law firms.  In the past, those operating phishing scams copied the address of a seemingly credible sender (often an employee at a firm) to transmit an infected email.  Phishing scams have since evolved to use domain names that closely resemble that of the party being impersonated.  As an example, cyber thieves replace the letter “I” with the number “1” in domain names in an attempt to fool targets.  Some go as far as relying on Unicode homographs: words that appear to be correct yet are actually assembled from look-alike foreign letters to form seemingly legitimate web addresses.  This approach makes it easy for hackers to generate web addresses that look credible when they are actually traps.  The scam has evolved to the point that the average person finds it difficult, if not impossible, to distinguish real emails and websites from fake ones.
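Because the eye cannot reliably catch these substitutions, a mail filter can compare sender domains in a form where look-alike characters are treated as equal.  The sketch below is an added example, not part of the original article; the domain examplelawfirm.com, the small confusables map, and the function names are assumptions made for illustration.

```python
import unicodedata

# Hypothetical firm domain, used only for illustration.
TRUSTED_DOMAINS = {"examplelawfirm.com"}

# Illustrative, deliberately small map (not the full Unicode confusables table).
# Characters that are easily mistaken for one another collapse to one symbol.
CONFUSABLES = {
    "1": "l", "i": "l", "\u0456": "l", "\u0131": "l",  # 1, i, Cyrillic i, dotless i
    "0": "o", "\u043e": "o", "\u03bf": "o",            # 0, Cyrillic o, Greek omicron
    "\u0430": "a", "\u0435": "e", "\u0441": "c", "\u0440": "p",  # Cyrillic a, e, s, r
}

def decode_label(label):
    """Decode a punycode ("xn--") label into the Unicode a mail client may display."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed label: compare it as written
    return label

def skeleton(domain):
    """Reduce a domain to a comparison form in which look-alike characters match."""
    labels = [decode_label(part) for part in domain.lower().split(".")]
    text = unicodedata.normalize("NFKC", ".".join(labels))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def classify_sender(address):
    """Return 'trusted', 'lookalike' or 'unknown' for an email address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if skeleton(domain) in {skeleton(d) for d in TRUSTED_DOMAINS}:
        return "lookalike"  # looks like a trusted domain but is not one
    return "unknown"

if __name__ == "__main__":
    # Constructed sample senders, not taken from real mail.
    for sender in ("partner@examplelawfirm.com",
                   "partner@examplelawf1rm.com",        # digit 1 in place of i
                   "partner@ex\u0430mplelawfirm.com",   # Cyrillic a in place of a
                   "someone@example.org"):
        print(f"{sender!r}: {classify_sender(sender)}")
```

A "lookalike" result is a reason to quarantine the message or verify the sender by phone; an "unknown" result only means the domain does not imitate one on the trusted list.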

 

Red Flags of Note

It is difficult to identify highly advanced phishing scams that appear in inboxes.  However, if your legal team is aware of specific signs to look for, sidestepping the scam will prove that much easier.  Subtleties ranging from minor spelling and grammar mistakes to improper tone should give your team pause.  If an email seems even slightly fishy, it is an indication the email is not from the party that claims to have sent it.  In particular, email attachments have the potential to wreak havoc on your firm’s network.

Do not click an email attachment until you are absolutely sure it is safe.  If you have not heard from the party sending the message in a while, if you are not expecting a message, or if the email seems even the slightest bit “off”, ask questions prior to clicking the attachment.

 

Even Minor Training Will Help

Training employees on the basics of cyber attacks has the potential to pay massive dividends.  Though it will certainly help to hire those familiar with the basics of cyber attacks, everyday people do not understand the nuances of cybersecurity.  Hold an annual training session to remind people just how serious these types of threats are.  These sessions will update personnel on the latest scams, provide assistance with virus protection, help employees identify emails containing threats, and ultimately preserve the integrity of workplace computers and networks.