6 min read
Why You Want To Have Cyber Liability Insurance
Updated June 2023 An attorney’s decision to use a computer tablet, a cloud-based service such as Dropbox, a smart phone, a Wi-Fi network, or even...
We've crafted solutions tailored to your firm
The world of insurance for law firms can be confusing, and difficult to navigate. We've created this glossary because these common insurance terms should be easy to understand.
2 min read
Mark Bassingthwaighte, Risk Manager : Sep 18, 2019 12:00:00 AM
I have two points to make with this short post and I’m going to start with the one that’s easier to swallow: fake help desks. Here’s the long and short of it. Scammers are buying online ads to push phony technical or customer support help desk phone numbers to the top of search engine results. The goal is to trick unsuspecting people who have a problem they feel they need immediate help with into mistakenly dialing one of these phony numbers. Should they do so, instead of reaching a legitimate customer support center representative at a major corporation along the likes of an Amazon or Facebook, they’ll be interacting with a scammer who definitely does not have their best interests at heart.
While more than a few have fallen prey to this particular scam, it gets worse. For example, if you were to ask Siri, Alexa or Google Home to look up a customer support number and place the call, how would you know if the correct number was indeed dialed? All I can say is humans and voice assistants can be, have been, and will continue to be hoodwinked.
So, what’s to be done? It really isn’t that hard. Now that you know that search engine and voice assistant results are not 100 percent error-free, always go to a company’s official website to search for the correct contact information for customer support.
I chose to share information about this kind of scam, however, to make a second and far more important point, which is this. Were you aware of this scam? If so, are you confident that everyone else who works at your firm, staff and attorneys alike, is also aware of it and would know how to avoid it? If not, your firm may be more vulnerable to a cybersecurity breach than you might believe.
For lack of a better description, the social engineering attack vectors, methods, and scripts that cybercriminals use to try and dupe as many as they can are continually evolving and changing. And the best defense to social engineering threats is regular ongoing training because of the dynamic nature of this threat.
At least quarterly, if not monthly, set aside 10 to 15 minutes for a firmwide mandatory training session and have someone share a blog post, a short article, or a brief training video that focuses on a current threat because there really is no other way to keep people informed. Look for help from your IT support, sign up for and share the free security newsletter from the SANS Institute called Ouch! or consider working with a company like KnowBe4, which can handle all your training needs. I know it’s hard, but knowledge is power and when it comes to preventing cybercrime, your firm needs all the power it can get.
Mark Bassingthwaighte will be hosting a Social Engineering webinar on October 9, 2019, “How to Prevent Phishing for Your Firm’s Weakest Link.” Sign up today: https://alps.inreachce.com/Details/Information/fcc9d856-7152-418e-95c1-2d9013a47f5c?ref=featured
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.
6 min read
Updated June 2023 An attorney’s decision to use a computer tablet, a cloud-based service such as Dropbox, a smart phone, a Wi-Fi network, or even...
2 min read
As the general population becomes ever more skilled at spotting and avoiding the various email and phone scams cybercriminals perpetrate, scammers...
3 min read
I could hear it in his voice — the frustration over trying to figure out how to deal with a never-ending flow of email was palpable. Unfortunately,...