alt tag

Posts Tagged ‘data theft’


Addressing the Unique IT Management Needs at Law Firms

Wednesday, April 11th, 2018

Law firms face many unique IT management challenges that stem from the confidential nature of the information they work with. And that confidential data is why law firms must make the protection of information a key IT priority. Threats can come from outside (such as hackers using pressure to extort money from the firm) as well as inside (from technology failure). In order to adapt as threats change, it is important to understand both why law firms are prone to specific IT management challenges and how to address those challenges.

Why Are Law Firms a Prime Target for Ransomware?

As with other businesses, law firms must be ready for the growing number and scope of ransomware threats.

Hackers see law firms as ideal targets because lawyers may opt to pay the ransom to recover information for a case with an immediate court date.

Additionally, hackers may seek to exploit a larger law firm’s substantial financial backing to get an easy payday: A $300 ransom is worth much more to an individual than it is to a large firm. The 2017 ransomware attack against prominent global law firm DLA Piper demonstrates how serious these attacks can be.

Law Firms Are Vulnerable to Data Theft

While technology automates a great deal of law firms’ work, it also brings additional risks for information theft. The 2017 Equifax hack demonstrates exactly how far-reaching damage can be when hackers steal personal information.

Law firms also need to be concerned about keeping confidential client information confidential. Hackers may try to steal information stored on servers or personal computers through malware attacks and software exploits.

What’s less obvious is how criminals can use social engineering — such as posing as a client via email or during a phone conversation — to get law firms to give up confidential information.

External and Internal Data Loss

Law firms work with a substantial amount of information that can go missing due to both external and internal factors. For example, a firm’s server or an employee’s laptop may fail and lose all the data stored on the device. Additionally, employees may not always properly manage their documents and information, which makes them difficult to find. In fact, poor document management can cost a firm hours of productivity every week. IT management can help organize information through platforms such as a document management system to help minimize data loss related to human error.

Law Firm IT Management Solutions

While law firms face many unique IT challenges, businesses can take several steps to minimize risk and mitigate damage:

  • Implement a three-copy backup policy to safeguard against data loss related to ransomware, malware, device failure and human error.
  • Make sure that all software on all devices is up to date and running the latest version. Hackers tend to exploit user laziness by attacking security holes that could have been patched had the user not skipped an update.
  • Confirm that all information exchanges are secure. Don’t fall for social engineering schemes or use compromised public Wi-Fi networks.
  • Use document management systems to prevent losing data from mismanagement. These also serve as a type of backup.

If you would like to learn more about how your law firm can better manage its IT assets and protect itself from online threats, contact the IT experts at MPA Networks today.

Cybersecurity and C-Level Execs: Protecting Data While On the Go

Monday, March 26th, 2018

While all employees need to be mindful of security, the nature of C-level executives makes them more attractive targets for hackers. That means it’s necessary for them to take greater precautions.

According to TechRepublic, C-level executives are more vulnerable than other employees because of the mobile tendencies of their work, and they are higher-value targets because of their access to confidential information. Hackers often use lower-level employees as a way to work up to C-level executives to get the information they’re looking for.

Because of their vulnerabilities and target value, C-level executives need to adhere to the strictest security practices.

Internet Access Security Risks

Hackers can do a lot of damage with little effort if executives connect their devices to unsecured networks. C-level executives tend to travel frequently, which can expose their devices to vulnerable Wi-Fi networks. Coffee shops, airports, hotels and exhibition centers are among the largest and most vulnerable network threat locations — and all are places executives tend to frequent. Executives may be working on unsecured Wi-Fi or even worse: hacker-implemented Wi-Fi masquerading as a legitimate access point.

Your company’s best defense against vulnerable public and private networks is to avoid the “penny wise and dollar foolish” mindset: Pay for an unlimited mobile data plan with tethering support for your executives. Using mobile 4G internet on the go eliminates the risks of using out-of-office networks, and tethering support will allow C-level executives to connect their devices that don’t have built-in 4G mobile network access. Your company can also invest in network tunneling, VPNs and other security measures.

Executive Data Access Is an Attractive Target

Consider this hypothetical example: Bob from H.R. has access to everyone’s Social Security numbers, while Janet from accounting has access to the company’s financial records. But Sam the CEO has access to all that information and more. Because of this, hackers view executives as the biggest fish in the sea, and they will target executives over all other potential targets. This is an even bigger problem on outside networks than within the office network because executives don’t have all the security technology that the office provides protecting them.

In addition to preventing the attack, it’s also wise to limit the amount of data access an executive has on devices they use when traveling — especially for international travel.

Executives should use “burner” laptops/phones that only have the information they need for the trip in order to limit data exposure in the event of a hack. For example, don’t store a payroll spreadsheet containing every employee’s Social Security number on a travel laptop.

A stolen device is also an important risk to consider, so your business should always use encryption and secure passwords on executive devices used when traveling.

Email Is a Primary Attack Avenue

Email security needs to be a priority: It’s everywhere, so it’s irrational to think executives will only read and reply to emails in an office setting. C-level executives are primary targets in “whaling” attacks — high-value targeted email phishing scams. The main concern is man-in-the-middle attacks, where a hacker poses as a trusted individual in a conversation. Technology can only do so much to safeguard against whaling scams. Hackers may learn a great deal about a specific target and tailor their methods based on that information — unlike a standard phishing scam that involves throwing out a generic net to see who falls for it.

IT security is important at all levels, but lapses at the executive-level can have disastrous results. The IT consulting experts at MPA Networks can help your business implement strong security practices so your company can avoid catastrophic security breaches. Contact us today to learn more.