Relevant. Affordable. Actionable.
I’ve never come across a survey that confirms what I’m about to say; but I suspect the vast majority of people who see a padlock and “https:” in a website address believe the website they are currently visiting is trustworthy and safe. Afterall, it seems to reason that the “s” stands for “secure,” particularly given the added presence of a padlock. Upon seeing it, most will conclude the website is legitimate and thus safe for the submission of payment or other sensitive personal information.
Here’s what most folks don’t know. Yes, while that small “s” does stand for secure, that doesn’t mean the website is trustworthy and safe. All it means is the data stream is encrypted. This is an important distinction that everyone in your firm needs to be aware of. Here’s why. When cybercriminals set up phishing websites, which are websites that mimic reputable websites, they are routinely taking the time to set the website up as a secure website, which means when someone visits the rogue website, they will see an “s” after “http:” in the website’s address.
Why would cybercriminals do this? As I often like to say, think about it. If someone is trying to steal the login credentials to your bank account, the presence of that little “s” in the website address lends credibility to the fake website. It’s about trying to build trust, which they hope will translate to an increased frequency of victims falling prey to the phishing attack. In addition, their use of encryption ensures that any effort to monitor the data stream for potential threats is going to be far more difficult.
Now that you know, take the time to make sure everyone in your firm knows as well because all it takes for the login credentials to your firm’s IOLTA account to be shared with the wrong person is one mistaken belief. Trust me. The ever-evolving level of sophistication of phishing attacks coupled with the targeting of specific individuals means it’s only a matter of time before knowing the above could make all the difference in the world.
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.
3 min read
Mark Bassingthwaighte, Risk Manager : Mar 4, 2020 12:00:00 AM
I’ll admit that advertising missteps rarely garner much attention from those who enforce the Rules of Professional Conduct. This shouldn’t be much...
1 min read
Mark Bassingthwaighte, Risk Manager : Apr 30, 2019 12:00:00 AM
As with any cyber threat, prevention starts with awareness of the risk. As a road warrior, I see people taking a particular and absolutely...
1 min read
Mark Bassingthwaighte, Risk Manager : Jun 5, 2019 12:00:00 AM
The belief that a computer or network breach is a ‘when,’ not an ‘if’ is practically dogma now. Given this reality, every law practice, regardless...
