Terrapin Technology Group, Inc. managed to both scare us to death and reassure us at the SVALA July luncheon.
That’s okay; Terrapin has been a Platinum Sponsor of the SVALA for several years now so they are allowed to do that.
Last spring, Betty Nelson of Terrapin shared tips for keeping our computer systems secure. At our July luncheon, Nathan Johanson and Misty Quaintance took those tips one step further and presented an in-depth look at “Security Threats & Solutions.”
Thank goodness for the solutions part!
Nathan shared several ways law firms can succumb to hackers. Apparently, hackers have figured out law firms are a potentially lucrative target and are getting even cleverer with their methods of exploitation.
Aside from ransomware attacks, there are prolific phishing schemes targeting law firms and their clients – ranging from individuals to corporations to non-profits. Unfortunately, these phishing schemes are working, so it does not look like they will go away any time soon.
Nathan explained how a phishing scheme works and then pointed out several ways to spot one of these phishing emails. Several administrators in the room were familiar with this popular technique so Nathan is not kidding when he warns of the dangers out there.
Phishing works something like this: A hacker will spoof the email of the managing partner or CEO (the information is readily available on the website of most companies). The hacker then sends an email to someone in the accounting department (this information is not usually available on a company’s website but it is easily obtained with a phone call or even social media mining). The “CEO” (hacker) asks the accounting person to make a wire transfer and does so in a way that makes it seem like an urgent request. The recipient of such a request could very easily fall victim to this sort of scam unless they knew what to look for.
Nathan pointed out that many times, there are misspellings in these requests or the fake CEO does not sound like him or herself. (An administrator in the audience shared she received such a request from her managing partner to wire money and the email started with “Hey.” Even though they frequently make wire transfers, she immediately knew this did not come from her managing partner because he would never in a million years greet someone with “hey.”)
It is details like this that can tip us off to a fake email request. Nathan reminded us several times to “take a breath” when getting these emails. Yes, we and our accounting people want to make sure our CEOs and Managing Partners are kept happy but we also need to take a breath and make sure what we are doing is in response to an actual, legitimate request.
It also helps when law firms and corporations have solid check and balance systems that the recipient can fall back on in order to avert a potential disaster.
Nathan also pointed out that, aside from the details in the body of the email, the real address of the email sender can be uncovered with a few minutes of detective work. Either hover over the email address to see the real sender, or click on reply to see where the email is being sent. In addition, check the “mailto:” address in the sender’s address to see the real sender.
Of course, all of these tips mean we have to slow down, “take a breath” and take the time to verify information. Considering the alternative, it is definitely well worth the extra few minutes.
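The sender checks Nathan described (who really sent the message, and where a reply would go) can also be run by IT against a saved copy of a suspicious email. The Python below is an added example, not something shown at the luncheon or supplied by Terrapin; the firm domain, names, addresses and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def sender_flags(raw_message, firm_domain, executives):
    """Return warnings about the sender headers of one raw email.

    executives maps a lowercase display name to that person's real address
    (a hypothetical lookup table the firm would maintain).
    """
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    flags = []
    # 1. The address behind the display name is not on the firm's domain.
    if addr.rpartition("@")[2] != firm_domain:
        flags.append(f"From address {addr} is outside {firm_domain}")
    # 2. The display name is an executive's, but the address is not theirs.
    known = executives.get(name.strip().lower())
    if known and addr != known:
        flags.append(f"name '{name}' does not match known address {known}")
    # 3. Clicking reply would send the answer somewhere else.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != addr:
        flags.append(f"replies go to {reply_to}, not {addr}")
    return flags

# Constructed sample data (not real people, domains or messages).
EXECUTIVES = {"pat partner": "pat.partner@examplefirm.test"}
SPOOFED = """\
From: "Pat Partner" <pat.partner@mail-example.test>
Reply-To: pat.partner.office@webmail-example.test
To: accounting@examplefirm.test
Subject: Urgent wire transfer

Hey, I need a wire sent out before noon today.
"""
GENUINE = """\
From: Pat Partner <pat.partner@examplefirm.test>
To: accounting@examplefirm.test
Subject: Invoice approval

Please process the attached invoice per our usual procedure.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_flags(raw, "examplefirm.test", EXECUTIVES))
```

A message that passes these checks is not thereby proven genuine, since the From line itself can be forged; the firm's verification procedure for wire requests still applies.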
One last bit of scary information on the phishing scheme: apparently, the hackers are starting to spoof emails from scanners. We always have to be on our toes!
One solution Nathan and Misty suggested for educating and testing our staff is called “KnowBe4,” a program IT staff can use to emulate a phishing scheme and send it to the firm. The education part comes after people click on the fake email. Oops!
Nathan and Misty talked about other security threats, such as websites being hacked. There are tools for checking whether a website has been compromised, such as checking a site’s status through “Google Safe Browsing.”
It was an exhausting seminar only because it was packed with great information and, frankly, it takes a lot out of a person to be scared!
Thankfully, there were raffle prizes given out at the end so that made us all feel a little bit better. Especially the winners (which included me!).
Many thanks to Nathan Johanson, President of Terrapin, and Misty Quaintance, Terrapin Technical Director, for helping keep our systems safe and us on our toes! Oh, and, of course, thank you for the fabulous gift card!