Mark Bassingthwaighte, Risk Manager : Aug 19, 2020 12:00:00 AM
I will admit that, at times and with topics such as cyber security, I can come across as overbearing to some and as a fearmonger to others. Speaking honestly, however, I never try to come across that way. Cybersecurity is simply a topic I am passionate about. Whenever I speak or write on this topic, my purpose is to try and do all that I can to help others avoid becoming yet another victim of a cybercrime.
I share this because I really do get it. Thinking about my own efforts to keep our home network secure and our personal information private, well, all I can say is it seems like an effort in futility. There really are days where I just want to say the heck with it and stop even trying. I don’t know if it’s a blessing or a curse; but when those days hit, and for whatever reason, I get angry. You see, I take it personally. The fact that all sorts of bad actors out there want to steal my identity, my money, my passwords, and the list goes on really ticks me off. The reality is I’m not good with that and this is where my motivation to fight back in whatever way I can comes from. It’s what keeps me going. Hopefully keeping all this in mind will allow you to hear my message.
In recent years, I have come to realize the true value of mandatory ongoing security awareness training in every business regardless of size, even solo practices. Truth be told, my wife and I often talk about cyber security. I will share breach stories, explain how specific types of malware work, and show her various real-world examples of phishing emails and smishing texts. And while it’s one of the ways she is able to enter my work world, as a victim of a cybercrime herself, she’s also well aware of the true purpose behind and value of these conversations. So, you see, even in my personal life, I walk the talk because this is one of the ways I learn as well.
Now, to the topic of this post, the purpose of which is to explain one of the many reasons why I believe that a failure to provide mandatory ongoing security awareness training to every lawyer and staff member who works at a firm is a huge misstep. I’m going to ask you to trust me when I say that we humans are the weak link when it comes to cyber security and it’s all about the art of social engineering. One of my favorite cyber security lines is, “amateurs hack systems, professionals hack humans” because it speaks to the truth. And since humans can’t be patched and upgraded the way computers can, all we can do is educate them. Unfortunately, such efforts are often perfunctory, short-lived, or never even make it off the “to do” list.
Here’s the problem with not following through on training. If it hasn’t already happened, at some point, someone, maybe even you, will be tricked into doing something that will allow malware to be installed on your firm’s network. It might be clicking on a malicious link, opening an infected attachment, or logging on to a spoofed website, just for starters. Very sophisticated social engineering attacks have been and will remain for the foreseeable future the preferred attack vector because they are so darn effective at getting people to lower their shields when it comes to the actions they take while online.
The interesting question for me is this. What risks do we all face if our own online actions come up short? Allow me to share a few, and I truly mean a few, examples of common types of malware attackers are trying to trick you into installing on your network and/or any device that touches your network.
Perhaps now you have a sense of why I get angry and want to do all I can to fight back. More importantly, however, I hope you can begin to understand why I believe that failing to provide mandatory ongoing security awareness training to everyone who works at a firm, regardless of firm size, is a huge misstep. It’s because being hit with any of the above malware examples will prove to be more than a minor inconvenience. For some, such an attack may sound the death knell for the firm. With so much at stake, why risk it? If security awareness training isn’t currently in play, it’s time to make it a high priority item because the pros are out to hack your human assets and, like it or not, education is the only way to counter that.
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.