While we are preoccupied with COVID-19, cyber criminals are increasing their cyber-attacks. In Canada, phishing attempts doubled between 2018 and 2019,[1] and one report out of the US indicates that phishing is up over 600% from 2018 to the end of February 2020.[2] Remote work, combined with law firms' attention being diverted to COVID-related matters, may leave data security less attended and create system vulnerabilities. In Manitoba, two law firms had their entire computer systems infected with ransomware, which blocked access to their computers, client lists, emails, accounting and financial information and other digital files. The firms were asked to pay an enormous ransom to regain access to their computers, which were likely attacked when a partner or employee clicked on a link in an attachment or email.
Common types of fraudulent emails
Fraudsters use familiar, urgent or compelling subject lines to get you to click and compromise your inbox, such as: Covid-19 Updates; COVID-19 outbreak maps; Covid Survey; Urgent Action Required; Storage Space Exceeded; Security Alert; Password Expiring; UPS Delivery Notice; Job Satisfaction survey; Working from Home Protocols; Canada Post: Failed Delivery Notice; ERROR Delivery Request; and Unable to deliver message.
The emails ask recipients to click links or open attachments that are infected with malware. Once you click, the fraudster has a foothold in your system and waits for the perfect conditions and the right opportunity to pounce. Fraudsters often take action when key personnel go on vacation.
With many lawyers now working remotely, the increase in virtual access to work servers requires extra vigilance. Ensure you provide cyber security awareness training for your staff. To protect yourself and your law firm, be on alert and remind all staff to take the following precautions:
- Always think before you click;
- Never open a link or attachment in an email or text message from someone you do not know;
- If you receive a link or attachment that you are not expecting — even if it is from someone you know — call the sender using the telephone number you have on file (not the number listed in the message) to confirm that the message is legitimate; and
- If you open a link or attachment that you should have avoided, and a box opens that asks for your password or other information — Stop. Close out. Immediately call your IT department to run a scan on your device(s).
Success of Hackers
Ransomware is the most common cause of cyber claims, and it is on the rise. A report by the anti-malware software company Emsisoft estimated that ransom demands in Canada exceeded $360 million when factoring in both direct costs and business income loss for 2019.[3]
For a more detailed explanation of what ransomware is, see Dealing with Cryptowall Ransomware (Benchers’ Bulletin 2015: No 1 – Spring) – an in-depth review of the virus and how to avoid getting caught.
Can ransomware fraudsters be caught? No. Any fraudster with even a moderate degree of sophistication will not be caught, and you will likely have no way to recover your losses apart from insurance. Hackers' success is largely due to strong encryption, ease of implementation, and anonymous payment in cryptocurrency. The encryption holding your system hostage is unbreakable: you either pay the ransom or you rebuild your system. Even if you have backups protected from a ransomware attack, it will generally take 7-14 days to rebuild a system, at considerable expense.
Ten simple steps you can take to protect your system against a data breach
Talk to your IT professional about our ten simple steps and other measures you can take to protect your systems and your data:
- Create secure passwords for each account. Change them regularly and never share passwords with anyone. Use two-factor authentication. A reputable password management system that includes a random password generator may assist.
- Properly configure a firewall between the firm’s system and the internet. Talk to your IT professional about conducting security audits.
- Use up-to-date antivirus and malware endpoint protection on computers, laptops and handheld devices.
- Back up your data – talk to your IT professional about frequency (including staggering backups).
- Use encryption to protect hard drives, laptops, removable media, and backup media. Enable remote wipe capabilities for mobile devices and laptops.
- Make sure all critical patches and security updates are applied as soon as possible.
- Actively monitor systems for suspicious activity and log and archive system events as an audit trail.
- Use a VPN or other encrypted connection when you must use public wireless networks. Avoid public Wi-Fi, and do not use unsecured Wi-Fi to connect to your work server, to do any banking, or to send any confidential or personal information.
- Keep servers and equipment physically secure. Avoid working in public spaces where third parties may view screens or printed documents.
- Cancel access to the network when employees are terminated. Maintain abandoned domain names after law firm mergers or acquisitions.
Do you need additional cyber insurance?
Even with Coalition’s cyber policy and even if you have taken all the steps you can to protect your system, we strongly recommend that you consider purchasing additional or excess cyber insurance. Talk to your insurance broker about buying more coverage for this risk. We provide information on commercial products here.
Footnotes:
1. 3 current scams to keep on your watch list—and avoid
2. Q1 2020 KnowBe4 Finds Coronavirus-Related Phishing Email Attacks Up 600%
3. Emsisoft Report: The cost of ransomware in 2020. A country-by-country analysis