by Felicien | Jun 20, 2019 | Education
The small city of Riviera Beach, Florida, north of West Palm Beach is the latest government to be crippled by a ransomware attack. Their data was encrypted by hackers so they couldn’t access it. This has paralyzed the City’s computer systems.
In an attempt to retrieve their data, the City of Riviera Beach paid the hackers nearly $600,000 (65 Bitcoin). Hackers demand Bitcoin because it’s a hard-to-trace digital currency. The City Council hopes to regain access to their encrypted data, although there’s no guarantee that this will happen.
Rose Anne Brown, a city spokeswoman for the 35,000 person city, said that Riviera Beach was working with law enforcement and security consultants. In the meantime, unless they had a secure cloud-based backup solution, all they can do is wait to see if their data will be released.
What Is Ransomware?
When ransomware infects your computer or mobile device, your organization’s operations can come to a grinding halt. You’ll be denied access to your computer and may even lose your data. Ransomware attacks have cost U.S. businesses millions of dollars in losses.
Ransomware attacks are on the rise. Attacks on business targets have seen a substantial increase in the first quarter of 2019, up by 195% since the last quarter of 2018. And for governments and organizations that are victimized, the consequences can be paralyzing and destructive.
Fast Facts:
Ransomware is the most malicious and frequently used form of malware today.
There’s more than one type of ransomware.
It’s important to know what to do if you experience a ransomware attack.
The best way to protect your organization from ransomware is to prevent it from landing on your computers in the first place.
Always back up your data so you can restore it in the event of an attack.
Ransomware blocks access to your data and demands payment through an anonymous system like Bitcoin to restore access. The criminals who distribute and operate these attacks are making millions of dollars. They extort money from you in exchange for a promise to unlock your computer. But this doesn’t always happen. The FBI doesn’t support paying a ransom in response to a ransomware attack.
What Can You Do To Protect Your Organization From Ransomware?
The best way to protect your organization from ransomware is to prevent it from landing on your computers in the first place.
If you experienced a ransomware attack, this means that it got through all your anti-virus software and security on your machine(s). Unfortunately, because ransomware performs multi-layered attacks, there’s no one security feature today that can protect against every threat. However, we can provide advice on the most current and effective protection.
The best security software is made up of layers that protect specific areas, and where each layer communicates with another for the best protection possible.
The first layer of protection is for your email where spam typically enters. Securing your email with the right program allows you to scan every email for malicious files before you or other users open them.
We can also offer a compatible sandboxing program so you can open attachments in a secure environment where they can be analyzed for ransomware.
Always backup your data so we can restore it for you in the event of an attack.
To protect yourself and your business from ransomware attacks, you must perform secure backups. This requires backups that occur in real time, daily and weekly. These backups must be isolated from your network to ensure they can’t be compromised by a ransomware attack.
We can provide a secure cloud backup so you can always access and recover your data from wherever you have an internet connection. We will need these backup files to restore your data. In most cases, we can erase the hard drive, reinstall the operating system and restore your machine with the backup copy.
We can also educate your staff about the threats and prevention of ransomware attacks. We’ll train your personnel with simulation tools to help them recognize malicious IT threats of any kind. By doing this, you’ll reduce the odds of falling victim to a ransomware attack.
by Felicien | Jun 20, 2019 | Education
If you are a lawyer or if you are hiring a lawyer, technology competence, often shortened to tech competence, is a term that you should be aware of. Recently, changes have been recommended in regards to tech competence and attorneys. Here is everything that you need to know about this topic.
What is Tech Competence?
Lawyers have always had a duty to be competent in the areas of law they practice. However, in 2012, the American Bar Association made a change to the Model Rules of Professional Conduct. The change being made was to make it clear that attorneys need to take steps to be competent in regards to technology. This change stated the lawyers need to stay competent in regards to the benefits and risks associated with technology that is relevant to their firm and line of work. Each state was free to adopt or reject this change, and to date, 36 states have adopted this change.
What New Changes Have Been Recommended in Regards to Tech Competence?
A committee met and issued a report in February of 2019 that recommended revisions be made to the current Rules of Professional Conduct in regards to technology. The changes that the committee recommended making were designed to make it clear that it is an attorney’s job and legal responsibility to ensure that they are competently representing their client. The changes that are being recommended to ensure that law firms and lawyers understand that this duty reaches into the technology that they use. The committee wanted to make it clear that it is a lawyer’s duty to ensure that client information is confidential, and as such, they are responsible for protecting against unauthorized access. Unauthorized access can occur if a database gets hacked or emails are intercepted.
The committee designed with making changes issued its report in February of 2019. The public was given the opportunity to comment and provide feedback through April 19, 2019. Currently, the recommendation is being reviewed by the D.C. Bar Board of Governors. Ultimately, they will decide if the recommendations should be passed on to the District of Columbia Court of Appeals, who ultimately sets the rules of practice within the District of Columbia.
How Can Your Law Firm Ensure You Are Meeting the New Guidelines?
While the changes in regards to tech competence and lawyers have not yet been approved, it is expected that it will be. It is also expected that many of the 36 states who adopted the tech competence changes will follow the District of Columbia’s lead and adopted these rules. As such, you may find yourself wondering what this means for you as a law firm, lawyer or individual or business looking to hire a law firm. If you are a lawyer or law firm, you need to ensure that you are taking steps to protect any personal client information. You need to ensure your website is secure, that you are sending all confidential emails in an encrypted manner, and take steps to ensure your cloud is secure. As a client, you want to ask law firms what steps they have taken to ensure the technology they use is secure.
As technology advances, new changes will likely be made to tech competence and the way it impacts attorneys and law firms. Being proactive and ensuring the technology you use is secure is the best way to meet your requirements under the new guidelines.
by Felicien | Jun 20, 2019 | Education
There are many types of risk in business: the risk that a new competitor will come on the market and steal market share, the risk that top staff members will jump ship for a better offer . . . but are you considering the significant risk that is associated with a cyber attack? A recent report by IBM shows that more than 77 percent of companies don’t have a cybersecurity response plan in place, a dangerous proposition when you consider that 60% of businesses that suffer a cyber attack fail within 6 months. These are pretty terrifying statistics for small to mid-size business owners, especially in specific verticals that require the capture and storage of sensitive customer data such as health and financial information.
See why unsecured data is the #1 security threat to local small businesses.
(Response) Time is Money
When your business is able to react quickly to a malware or ransomware attack, you significantly raise the likelihood that you will be able to bounce back to full operations before your business is devastated by the impact. The response time that your technology team and business leaders are able to command could easily be a make-or-break moment, as cyber attacks can cost organizations thousands of dollars a minute in reduced productivity, losses of sales, compliance charges and more. Knowing that you have a comprehensive cybersecurity response strategy in place can help your business make the best of a bad situation and achieve the proper resilience that you need.
Ditch That False Sense of Security
You might think that your business is too small to be of interest to cybercriminals. Those hackers are going after the big haul, right?!? Turns out, the majority of cyber attacks are being committed against smaller organizations, because there is a perception that infiltration will be easier and criminals will be able to easily make off with your valuable customer data. Brokers on the dark web are willing to pay a significant fee for each stolen record, complete with a tiered pricing scale for financial data that is based on the size of the bank account. It’s crucial that businesses do not have a false sense of security, but proactively put plans in place that will help reduce the risk associated with a cyber attack.
Put Staff Members on Lockdown
Increase the security requirements for passwords, and require them to be reset on a regular basis. Invest in ongoing training for staff members that will help them understand everything from the potential of phishing attacks to why it’s important to stay away from specific activities online. Create security policies and put strategies in place to ensure that they are followed — and regularly reviewed and updated by cybersecurity experts. Actively engage white-hat hackers to look for holes in your current data security and then quickly put a remediation plan in place. While staff members may feel as though they are being placed on a type of lockdown, it’s imperative that information technology professionals effectively communicate the severity of the issue that is facing businesses today. When employees understand the damage that can be accidentally done to the organization, they are much more likely to be an active member of the solution instead of a part of the problem.
Creating a secure environment for your business data requires the proactive involvement of business and technology professionals alike. Just as you wouldn’t leave customer credit card information lying around the office or on a printer, you can also educate staff members that using an easily-guessed password is the digital equivalent of those poor security practices.
by Felicien | Jun 20, 2019 | Education
Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask for confidential information. If you get such an email—or if someone gets such an email that appears to be from you but that you did not send—does that mean that your email has been hacked? Not necessarily.
Hacking and spoofing are two methods that bad actors use to manipulate individuals and businesses into doing things that are against their best interests. Hacking and spoofing can appear to be the same at first glance but are actually quite different. The risks of hacking, especially for businesses, are much greater than those posed by spoofing. Neither is desirable, but you want to know the differences between the two so that you and your employees can identify potential compromises to your email accounts.
Hacking vs Spoofing—What You Need to Know
What does it mean when your email account has been hacked?
A hacked email account is something you should be very concerned with. Being hacked means that a bad actor has managed to gain full access to your email account—which could mean that they have access to more than just your email account. There are a variety of ways to hack an email account, including:
Guessing your email password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media)
Answering your security questions correctly
You entered it into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
You used the same password on a different site and the site used it to access your email
You have a spyware program on your computer that recorded you typing in your password and sent it to a hacker
Viruses, malware or other undesirable software is on your computer and allowed a hacker to get your email password
If your email account has been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.
Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:
Check your recent email activity to see if anything was sent that you were not aware of
Change your password
Use different passwords for every account
Start using a password manager to generate random, complex passwords
Update your system to the latest OS and update your security software
Run your antivirus and malware detection programs
What does it mean when your email account has been spoofed?
Although spoofing can look a lot like hacking, it is actually something completely different. When your email has been spoofed, it means that someone sent an email that appeared to be from your email account but was not actually from your account. You can think of it as someone sending a letter and putting your return address on the envelope. Doing this is not too complicated with the right software. The bad actor does not need access to your email account to spoof your account.
Your account is safe even if you have been spoofed. However, having your account spoofed can be quite concerning, especially in a business setting. A bad actor could spoof your email and send a message to an employee asking for sensitive company information. There are a few things you can do to help prevent spoofing of your email address, including:
Do not share your email address with anyone who does not need it for business purposes
Do not allow employees to share your email address
Improving Business Email Security
For more information about improving email security for your business, please contact our IT services team.
by Felicien | Jun 20, 2019 | Education
According to the LawSites blog, as of this writing, there are 36 states that have adopted the ABA’s updated Model Rule 1.1, which states that lawyers should maintain technology competence. The rule is purposefully vague to allow for the constant changes in technology that the legal industry is encountering. Unfortunately, the vagueness can create some anxiety for lawyers who want to meet the requirements of the rule. What does the ABA mean by “technology competence”, and how can lawyers achieve competence?
To better understand the expectations of the ABA and the states embracing its rules, it is necessary to take a closer look at how technology has impacted legal representation and ways that it can improve a lawyer’s practice.
Your main goal as a lawyer has always been to represent your client to the best of your ability. It was once enough to be knowledgeable in your legal area to ensure competent representation, but skilled representation today also means being able to use technology to improve efficiency, security and ideally the results you get for clients.
Technology Competence—The Basics
Update to ABA Model Rule 1.1
To get a grasp on what technology competence means for you and your practice, it is helpful to read the updated ABA rules:
Maintaining Competence
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
As you can see, the rule is not terribly specific about what it means to be competent in technology for a lawyer. It states that you should, “…keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” However, if you consider what the relevant technologies are in law—and their benefits and risks—you can get a clearer idea of how to approach tech in your own practice.
Relevant Technology in Law
There are some technologies that are quite relevant to the practice of law and are being used by lawyers across the country and the globe. These include:
Electronic Discovery
Discovery has always been the backbone of case building, but electronic tools have increased the power and efficiency of the discovery process in numerous ways. These tools allow for more comprehensive preservation of information, more thorough review of information and faster production of information. Failing to leverage electronic tools in the discovery process is doing clients a disservice.
Internet Investigations
You do not have to be a professional internet investigator to get a lot of benefit out of internet searches. Just being able to do simple internet searches for information can make the investigation process faster and more thorough than it otherwise would be. There are also numerous tools available online for conducting investigations.
Cyber Security
Considering that most of the information you obtain for clients and from clients will be digital, it is incredibly important that you take basic cyber security measures to protect that information. From hackers looking to blackmail victims to government agencies reviewing every bit of information they can get their hands on, there is a multitude of actors who can target your data and compromise your practice.
Understanding the Technology Used by Clients
The clients you represent are using technology in a myriad of ways. You need to have a basic understanding—or possibly a much more in-depth understanding—of what tech they are using and how they use it. That means educating yourself not only on legal tech but also on any tech pertinent to your clients and their legal needs.
Courtroom Technology
There are a variety of tech tools that can make you more effective in the courtroom. They can help you better organize, present and explain information to your audience. Every little advantage you can get can make a difference when presenting your case.
Legal Technologies that Make Business Easier and More Efficient
Many legal technology tools are fairly mundane, but that does not make them any less useful. You can leverage them to provide your legal services with less work on your end. File sharing, automated document assembly and electronic court scheduling are all useful.
Using Technology to Better Serve Your Clients
Your ability to serve your clients is improved in many different ways through technology competence. While it may take time and effort to improve your competency, the benefits of doing so can be significant for both your clients and your practice.
To learn more about legal technologies that might benefit your firm, please contact our managed IT services team.