Why law firms need a cyber awareness plan today

Published on April 23, 2020 | Webster Bank

Consider the cutting-edge intellectual property and privileged client information in your firmÕs data files. TheyÕre a prime target for hackers. Nowadays, criminals are especially interested in obtaining personal and financial information that can be sold on the dark web. Even though law firms maintain the highest possible standards of confidentiality, their cyber security can be an entirely different story.

Sophisticated high-tech crime is ever evolving and cyber criminals keep developing devious workarounds to infiltrate your defenses. They donÕt always need technology to break in; rather, they prey upon goodwill. They use social engineeringÑplaying upon the honest trust of your staff. For example:

One of your paralegals gets an email from the Managing Partner: ÒI need the XYZ files immediately. Please forward.Ó

It looks legitimate. What your staff doesnÕt know is this: Hackers have spoofed you. They penetrated the Managing PartnerÕs email accountÑpossibly weeks or even months ago. TheyÕve been watching your transaction history, including dollar amounts exchangedÑhighly specific information which can make their request seem credible.

Now theyÕre counting on your staffÕs cooperation.

High-tech attack, low-tech solution

The answer is due diligence (with a decidedly low-tech response): calling the Managing Partner to confirm the requestÑbefore you press ÒSend.Ó With any suspicious email from a colleague, client or vendor, double-checking can be the most important way to defend your firmÕs security and reputation.

A lot depends on the culture of your firm as well. Traditional practices, conservative by nature, may believe their cyber security protocols are sufficientÑbut they need regular check-ups against cutting-edge cyber fraudsters. ItÕs dangerous to presume that your professional confidentiality and privilege are adequate safeguards.

The disheartening moral of this story: DonÕt rely on trust. And donÕt assume other people are taking precautions.

Mobilize your team. Because readiness is everything.

Bring together the key people whoÕll have to respond to a cyber attack: not only your IT person, but key partners and staff. Include your CPA, banker and insurance agent É everyone who will be responsible for stopping the threat to your data and minimizing the damage to your firmÕs reputation.

Create an action plan, then practice itÑover and overÑuntil youÕre confident your team can respond like a well-oiled machine.

Ways your bank can help.

First, make sure you set up your banking for alertsÑevent notifications such as text or email alerts that may flag suspicious activity in your accounts.

Implement fraud services for your account with:

1. Check Positive Pay – comparing the checks presented for payment to your data in your bankÕs filesÑby serial number, amount, and payee name.

2. ACH Positive Pay Ð identifying potentially fraudulent debits presented against your account. It matches incoming ACH debits against your authorization instructions and allows you to make pay/return decisions online.

Above all, be proactive. DonÕt wait until the end of the month to review your banking transactions. And have a regular conversation with your banker about emerging new threats and the newest ways to thwart them.

Start with our comprehensive Fraud Awareness Checklist. It goes beyond the usual ÒTop 5 StepsÓ and helps you identify a full range of cyber vulnerabilities.