• Skip to navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

American Academy of Estate Planning Attorneys

AAEPA, Inc

Find a Member Member's Login
Call Today (800) 846-1555
  • Membership
    • Membership Membership
    • submenu
      • Why Join?
      • Member Requirements
      • Become A Member
      • Meet the Team
  • Estate planning software
  • Education
  • Practice management
    • Practice management Practice Management
    • submenu
      • 11 Essential Systems
      • Coaching
      • Law Firm Marketing
  • Resources
    • Resources Resources
    • submenu
      • Live Training
      • Blog
  • Contact Us

Cybersecurity & Your Law Firm

Home » Exclusion » Cybersecurity & Your Law Firm

The subject line of the email read: “Support Greta Thunberg – Time Person of the Year 2019,” which seemed harmless enough. However, rather than providing information on climate change, the email actually contained a malicious Microsoft Word document which, if opened, would attempt to download malware onto the user’s computer. Malware has the ability to cripple a law firm, wiping out valuable data and rendering devices inoperable.

Although significant security breaches are usually the ones in the news, law firms of all sizes still have to concern themselves with security, as they may often be the target of viruses and phishing attempts as hackers try to access, change, or destroy sensitive client information, attempting to interrupt normal business processes and often to extort money.

Types of Threats

  • Malware: Malicious software that can be used to harm a computer user, such as worms, viruses, Trojan horses and spyware.
  • Ransomware: a type of malware that locks computer system files via encryption.  Hackers then demand a payment to decrypt and unlock them.
  • Phishing: fraudulent emails, mimicking emails from reputable sources, which instead steal sensitive data, such as credit card information or login credentials.

One of the most challenging aspects of cyberattacks is the continuous evolving nature of the threats developed. It seems like new viruses and malware are released online on a daily basis. Two significant security issues were found in the last week alone:

Firefox Vulnerability

Late last week, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a rare warning to all users of the desktop version of the Mozilla Firefox browser, urging them to update to the latest version due to a hacking threat. Older versions of the browser contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system. According to the CISA, “Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.

This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72.0.1 and Firefox ESR 68.4.1 and Thunderbird 68.4.1 and apply the necessary updates.” This issue does not impact mobile browsers.
The Fix:

  • Mac: launch Firefox and click About > Firefox and click the “Restart to update Firefox” button.
  • PC: launch Firefox and click on either Options > Firefox Updates or Options > Advanced > Update to update Firefox.

You need to upgrade to either Firefox 72.0.1 and Firefox ESR 68.4.1 or higher.

Microsoft’s Windows Issue

Earlier this week the National Security Agency issued an advisory regarding a major vulnerability in Windows 10 and Windows Server 2016 which can compromise the security of MS Window’s cryptographic functionality. Exploitation of the vulnerability allows hackers to appear as a trusted entity, while actually exploiting network connections and delivering executable code. Your operating system could be tricked using fake signatures and thus allow malicious apps to run on the OS, allowing hackers to control the system.

The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools have likely already been developed and are widely available. The NSA recommends that all users update their Windows 10 and Windows Server 2016 immediately.

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems. In the event that enterprise-wide, automated patching is not possible, NSA recommends system owners prioritize patching endpoints that provide essential or broadly replied-upon services.

The Fix:

  • To update Windows, click the Start button, then go to Settings  > Update & Security > Windows Update.

Keep Your Systems Secure

Your law firm should be implementing cybersecurity best practices in order to limit risk and protect IT assets from attackers with malicious intent. Security should be implemented in three basic areas:

  • Devices like computers, smart devices, and routers
  • Internal networks
  • Cloud-based data

Common technology used to protect these entities include firewalls, malware protection, antivirus software, and email security.

While you may have implemented comprehensive, effective, and likely expensive security tools, often the weakest links are the people using those tools.  Here are some cybersecurity tips to keep in mind:

  • Practice good password management. Use a strong mix of characters and don’t use the same password for multiple sites. Consider using a password management system, such as Last Pass. Use of such a system means you only have to remember one password.  It also allows you to easily grant or revoke access for your staff to various accounts, without having to share actual passwords.
  • Be sure you’re familiar with the sender before opening attachments or clicking on links in email. If an email is unexpected or suspicious for any reason, don’t click on it. Spelling and grammar errors are often a red flag for hacking attempts.
  • Only allow access to sensitive data from the office computers or other known devices.  Using a public computer or free Wi-Fi at a coffee shop puts you at risk of your data being copied or stolen.
  • Keep your website safe!  Be sure that whomever maintains your website continuously keeps all of your plugins, themes, coding updated to avoid any hacking attempts. And remember to back up your data regularly.
  • Make sure your antivirus software is always turned on and up to date.
  • Malware can be spread through infected flash drives, external hard drives, and even smartphones, so be cautious when plugging devices into your computer.

Cybersecurity helps prevent data breaches and ransomware attacks. When a law firm has a strong sense of network security, it is better able to prevent and mitigate cyberattacks. If you haven’t given any recent thought to how secure your law firm network and website is, now’s the time to contact your IT company to verify that your cybersecurity measures are up to date.

Rita Chaires
Director, Web and Online Marketing Services
American Academy of Estate Planning Attorneys, Inc.
9444 Balboa Avenue, Suite 300
San Diego, California 92123
Phone: (858) 453-2128
www.aaepa.com

  • Author
  • Recent Posts
Rita Chaires
Rita Chaires
Rita Chaires
Latest posts by Rita Chaires (see all)
  • 6 Content Marketing Myths Debunked - November 4, 2021
  • Law Firm Marketing on LinkedIn - October 7, 2021
  • Stop Googling Yourself and Start Accurately Measuring Your Online Marketing Success - September 2, 2021
SHARE

Primary Sidebar

Subscribe to our blog

Recent Posts

  • Avoid Unnecessary Family Disputes with a Letter of Instruction
  • Understanding Undue Influence – Part I
  • The Top 3 Estate Planning Must-Haves
  • How Do I Trust Thee… Part III
  • Time for a Mid-Year Check-In?

Categories

  • Academy Girl Friday (33)
  • Client Services (239)
  • Coaching (33)
  • Consumer Advantage (3)
  • Counseling (21)
  • Elder Law (5)
  • Estate Planning (930)
  • Estate Planning Documents (5)
  • Estate Planning Education (201)
  • Financial Analysis (3)
  • Financial Services (1)
  • General (20)
  • Law Firm Marketing (282)
  • Law Firm Net Revenue (7)
  • Law Firm Staffing (99)
  • Law Firm Technology (45)
  • Law Firm Web Tips (186)
  • Leadership (191)
  • Legal Education (651)
  • Marketing Tools (2)
  • Medicaid (1)
  • Member Services (1)
  • Owners Compensation (1)
  • Peak Performer Focus (1)
  • Practice Building Calls (1)
  • Practice Management (497)
  • SEO/Social Media Support (3)
  • Software (6)
  • Strategic Planning (10)
  • Uncategorized (15)

Footer

logo of American Academy of Estate Planning Attorneys

About Us

  • Meet the Team
  • Site Map
  • Legal Notice
  • Privacy Policy

Explore Our Services

  • Coaching
  • Estate planning software
  • Events
  • Legal education
  • Marketing
  • Web and SEO

Keep in Touch

Mon-Fri

9444 Balboa Ave. Suite 300

San Diego

(800) 846-1555

info@aaepa.com

Take Back Control of Your Business and Your Life

+

footer section | American Academy of Estate Planning Attorneys

© 2022 American Academy of Estate Planning Attorneys, Inc All rights reserved.

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent. Don't sell my personal information.
Cookie Settings Accept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept