THOMSON REUTERS ELITE

SUMMER 2015 EDITION

Forefront
 

3 Recent Technology Threats That Matter The Most

With a seemingly new computer virus every day, administrators and firm employees are baffled as to if a link or site is safe, if their data is at risk, if their mobile users are secure, and if their network is truly safeguarded against threats.

These are questions we hear from law firms all of the time, and rightfully so! Hackers and malicious code writers are getting smarter and better at their jobs by the day, and the threats they create continue to become more and more sophisticated.

2014 was no exception. We saw a slew of vicious malware and attacks both in the news and from colleagues. This article will review some of the worst threats and growing trends in cyber attacks that we saw appear this past year. This is not only just to recap what occurred, but more importantly, to educate you on some of the methods attackers are using to gain access to your networks and data. Think of it as learning from the past to prepare for the future.

Help, I’m Locked Out Of My Files!

Recently, there has been a rise in the number of incidents of firms being threatened by scary malware like Crypto Locker, Crypto Wall, and Bash. These kinds of malware are much, much more than just having a PC infected with a virus and they are considered “ransomware” since they essentially hold your data hostage until the specified dollar amount is paid.

These types of malware attack somewhat similarly in that they infect by sneakily getting you to download a malicious file; perhaps an attachment on an email, a link you click though, or a download from a website. It then infiltrates your entire network and locks you out of your files until you agree to pay a ransom fee to the cybercriminals.

To counter this from impacting your firm, these are some steps which you can review you have in place at your firm:

  • DON’T open attachments that you aren’t positive are OK; attachments are one of the most common ways that malware spreads.
  • DON’T fall for phishing scams. Be skeptical. Phishing is a common way that online accounts are hacked into and can lead to more serious issues like identity theft.
  • DON’T click on links in email that you aren’t positive are safe.
  • DON’T install “free” software without checking it out first. Many “free” packages are so because they come loaded with spyware, adware, and worse.
  • When visiting a website, did you get a pop-up asking if it’s OK to install some software that you’re not sure of because you’ve never heard of it? DON’T say OK.
  • Not sure about some security warning that you’ve been given? DON’T ignore it. Research it before doing anything.
  • DON’T leave your computer unlocked.
  • Choose secure passwords and DON’T share them with anyone.
  • And of course, have a good backup, preferably performing images of your server, where you can recover back to a previous point in time and always ensure Antivirus software is installed and properly updated.

To most of you, hopefully this is a refresher on general security practices that you already have in place, but think of it as a public service announcement to ensure that if you do get hit by this nasty malware, you have ways to protect yourself and beat the cybercriminals at their game.

Besides ensuring that your business network is secure, there is a new frontier for cyber attacks. Let me ask this question, and be honest: “What policies and protections do you have in place for your firm’s mobile devices?”

Is there an App for that?

In 2014 we also saw a big increase on mobile threats. According to a recent McAfee Labs threat report, mobile malware has increased by over 167 percent in only this past year. On top of that, you need to consider how you manage all the different devices that your users bring into your network. This can be a far greater security risk because the growing workforce of Millenials demand to have their personal smart phone integrate with the firm or business technology.

With the growing trend of BYOD (Bring Your Own Device), how does a firm manage all of these devices and ensure confidential firm data is not being compromised? Below are five steps you can take to address the use of personal devices in the workplace:

  1. Create a solid foundation by defining what is critical and what needs to be secured and then develop a policy to work with multiple platforms and get the firm’s positive buy in to the plan.
  2. Develop separate “virtual” containers – one for the firm’s business and one for personal use.
  3. Make sure to cover these basic security requirements for each user:

        -   Ensure there are strong passwords for devices.
        -   Implement some form of local data encryption.
        -   Have the ability to remotely wipe device.

  4. You should consider setting up a lost phone hotline within your firm that goes to a designated person (IT administrator) who can immediately wipe the phone if needed and ensure of no data loss.
  5. Consider installing antivirus protection on these devices. As mentioned above, more and more viruses are being created to attack mobile devices.

BYOD is here to stay and cannot be stopped, so it is imperative that IT work with it and create policies that protect the firm.

When Your Password Is “Password”

Your password is the main way you can verify and access your confidential accounts and systems. The issue is, many people have weak passwords. There has been an extremely large increase in 2014 in the number of companies and services that have been breached with user account data being stolen (think Home Depot, Sony, Target…). If a hacker was to get a hold of your username, and you have a weak password, it could only be a matter of time before they have access to your account. Below are just some of the top used passwords of 2013:

  • 123456
  • password
  • 12345678
  • qwerty
  • abc123

If this happens, your account is compromised. Combine this with the fact that many people use the same password for multiple accounts, and you could see a massive breach leading to data being stolen, or worse – your identity.

It is therefore a good idea to use a separate password for each account you have. Also, make sure that the passwords used are strong and as different as possible from each other. A good rule of thumb for creating strong passwords is to include at least one number, a capitalized character, and a specialized character (e.g., @, !, %, ect.) Another, more automatic tool that could help ensure this is a password manager, which generates a different password for each account (I like LastPass).

What’s Coming Our Way?

I wish we knew! The nature of the game of cybercriminals is that the bad guys are always one step ahead. Think about the way cybercrime works:

  • Hackers create a code for a malicious piece of malware.
  • They disseminate it, and it spreads.
  • Security companies become aware of the malware and scramble to write a patch to protect against the malware.
  • The patch is released, and the network is protected against that piece of malware.
  • The cybercriminals change one small piece of the code, and the malware is now different, new, and rampant.

It’s a game of cat and mouse, and so your only true defense against all threats is to have a solid, image-based backup where you can always recover back to a previous point in time before the network was infected. So if you take one thing away from this security article, please be 150% positive that your current backup solution would be able to help you recover quickly in the unfortunate event that you were attacked. It is not a matter of if in today’s world of cyber threats, but when a firm will be affected and how the firm can mitigate those attacks.

*Originally published in the Winter 2015 edition of Leadership Exchange, the printed magazine for the Greater Los Angeles Chapter of the Association of Legal Administrators


WAMS

WAMS has been providing law firms with comprehensive, high-quality IT/computer consulting and support solutions since 1974. Our legacy of superior quality and service continues today as we design, install, and maintain a vast network of both onsite and cloud-based computer systems specifically tailored for each unique client. Click here for more information.

Return to Forefront main page »
 

elite.com
Thomson Reuters Elite Headquarters
800 Corporate Pointe, Suite 150, Culver City, CA 90230
© 2015 Thomson Reuters
 
Thomson Reuters