If you’re relying solely on your email spam filter to ward off phishing attacks, you’re making a mistake.
That’s true even if your filter blocks the overwhelming majority of dangerous messages.
“It may seem acceptable that your spam filter stops 97 percent of the phishing attacks directed at your organization until you realize that thousands of pieces of spam are hitting your filter every day,” writes cybersafety expert Steven Freidkin for Technically. “A 97 percent success rate on 1,000 messages means that 30 potential viruses made it into your users’ mailboxes!”
The solution: train your staff on phishing prevention, and then back it up with advanced endpoint protection.
Emerging Threats, Excellent Solutions
You’ve heard it a hundred times: it’s not if your law office will experience a cyber-attack, it’s when. And increasingly, the bad guys are targeting solo and small firms, not only because they lack the defenses of larger practices, but also as a conduit to bigger targets.
Making matters worse, the attacks are intensifying.
“Organizations that would have seen one attack a year are now experiencing them on a weekly or monthly basis,” writes Freidkin. “As the threat landscape changes, businesses need to evolve quickly and aggressively to protect themselves and their clients.”
Here are five trends – and five solutions – Freidkin says you should know about:
- Trend 1: Attackers are targeting small operations in order to get at their larger partners. “Two recent examples are LabCorp and Quest, both of whom had customer data compromised by hackers penetrating their smaller sub-contractors.” The solution: Use Multifactor Authentication (MFA) to verify a user’s identity before allowing access to online applications. Unfamiliar with MFA? It’s the system your bank uses when you reset your password and a special code is sent to your phone. You have to enter the code before you can log in.
- Trend 2: Phishing is getting more sophisticated. One wrong click can wipe out your entire system. The solution: regular in-house training. “Well-trained employees are your first line of defense. Phishing prevention training will provide your employees with monthly simulated phishes, teaching them how to recognize the little clues, which are sometimes very subtle, that can help identify an attack.”
- Trend 3: Basic anti-virus software is not getting the job done. “The problem is that this software is simply not agile enough to stop many of the modern phishing or ransomware attacks.” The solution: don’t give employees local administrative rights on their computers. “Viruses rely on a user’s access privileges, so restricting your employees’ access to the bare minimum to do their work also restricts the harm that a virus can do.”
- Trend 4: Ransomware and other viruses call for an extra layer of protection. The solution: advanced endpoint protection. “This will protect your end-user devices both inside and outside your firewall, including laptops and other mobile devices that remote and traveling employees use daily.”
- Trend 5: The bar for “baseline protection” has been raised. MFA and phishing training are now minimum standards. The solution: stay up on best practices. “Organizations in regulated industries such as finance, government contracting, healthcare or law are advised to take a hard look at additional measures such as intrusion detection and advanced endpoint protection.”
A final tip: purchase cybersecurity insurance. Lawyers Insurance, the official agency of the NC Bar Association, can provide cyber liability coverage to suit your needs. Contact Lawyers Insurance online or at 1-800-662-8843.