October Is National Cybersecurity Awareness Month
dhs_ncsam2019_logob.png

October is National Cybersecurity Awareness Month. Take some time out of your schedule this month to educate yourself and your employees on the threats and best practices to protect your firm. A good place to start is by visiting the following resources:

niccs.us-cert.gov/national-cybersecurity-awareness-month-2019

www.stopthinkconnect.org/

staysafeonline.org/

Throughout the month of October we will be posting a “Cybersecurity Tip of the Day” each day throughout October on our LinkedIn Company Page. Be sure to follow our company page so you don’t miss a thing.

20% OFF Cybersecurity Awareness Month Discount towards a 1-Hour Law Firm Cybersecurity Awareness Training Webinar. Contact us during the month of October to schedule your training webinar to receive your discount. (Note: Webinar must be scheduled no later than April 30, 2020).

And, as always, stay vigilant out there. Secure the Humans.

Social Engineering Attacks on Law Firms on the Rise
key-on-computer-shows-protected-password-or-unlocking_MJoerQv_.jpg

Social engineering attacks on law firms are on the rise and are a very real threat to law firm security. The attackers prey on the trust, service and prompt action that are the make up of a law firm's delivering good client service. Law firms must realize that part of good client service is also fulfilling the obligation to be thorough and vigilant in protecting law firm digital assets. Asking questions of new clients or of taking extra steps to confirm legitimacy can be done without sacrificing good client service.

Stay vigilant out there....

For a more detailed look see this ABA article here.

 

Zoom on Mac users update
a-computer-webcam-used-in-video-conferencing-via-the-world-wide-web-shallow-depth-of-field_SYItD_RBj.jpg

Last week a security researcher publicly disclosed a vulnerability in the Zoom application for Mac computers in which any website could forcibly join a user to a Zoom call without notice or knowledge of the user thereby giving access to the user’s camera and microphone without the user’s knowledge.

Zoom and Apple have addressed the issue in different ways. Apple has pushed a silent update to remove the vulnerable component. Separately, Zoom released a fixed Zoom app version for Mac.

All Zoom users on Mac should make sure that both their Mac OS is updated, as well as the Zoom application.

This is a great reminder to make sure that your system and applications are updated regularly. Keeping your systems updated is a free and effective way to increase the security of your systems.

Stay vigilant out there.

For more information on the vulnerability and updates see the following:

https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/

https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Technology Tips for Law Firms
graphicstock-laptop-with-black-screen-on-table-business-technology-concept_SpjOjVckW.jpg

Great Q&A article from the State Bar of Wisconsin’s Wisconsin Lawyer magazine this month. John Simek and Sharon Nelson of Sensei Enterprises Inc., answer common questions asked by lawyers about technology. Leading the way…information security. Assessment, education, and policies are essential in protecting your information and in creating a culture of security within your law firm.

Stay vigilant out there.

Read the article here https://www.wisbar.org/NewsPublications/WisconsinLawyer/Pages/Article.aspx?Volume=92&Issue=6&ArticleID=27071

Phishing and our upcoming elections
phishing_f1-6j8PO.jpg

Phishing today seems to pose a threat in all aspects of our lives, from home, to work, to government and our elections. The Department of Homeland Security has issued warnings to state elections officials nationwide that phishing state employees in order to access election databases has happened in the past and is a threat to upcoming elections. Phishing attempts are still a major threat in all areas of our lives.

Stay vigilant out there.

Read the whole story: https://www.fifthdomain.com/critical-infrastructure/2019/07/03/the-biggest-concern-for-election-security-may-be-phishing/,

I'm back....

I know that over 6 months have gone by since my last blog post. Sorry about the little hiatus. I am back with more regular posts for the remainder of the year. Check out the newest posts and I promise not to be such a stranger moving forward.

Stay vigilant out there.

Brent Hoeft
Reboot Your Routers and NAS Devices
alert.jpg

Unless your law firm represents governments or contractors working with the government, generally the threat of hacking by other nation-states or groups acting on their behalf, are often not seen as security concern. However, sometimes the technology utilized by your firm can be commandeered through malware and used as a tool in a larger attack by these groups against other countries or entities who are the actual target of these groups.

It appears that an example of this has recently been discovered (first by researchers at CISCO) and now the FBI and Department of Homeland Security is advising consumers to reboot their home and small business routers and NAS devices in an effort to combat a malware attack affecting more than 500,000 devices.

Stay vigilant out there...

https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

Brent Hoefthacking, PSA
Keep security front of mind in all aspects of your life. Educate the humans. Secure the humans.
graphicstock-man-holding-smart-phone-making-online-shopping-and-banking-payment-blurred-background_r_vljk3Dlig.jpg

The weakest link in the security plan of any law firm is the people. Hackers are hacking the humans. Therefore, we must secure the humans. Educating the people who are your last line of defense about the threats facing law firms and training employees on the best practices to detect and combat those threats are key to preventing a security breach. Having an educated workforce who understand the importance of security whether at home or at the office is vital to your overall security plan. 

Stay vigilant out there.

https://www.forbes.com/sites/forbestechcouncil/2018/04/19/good-cybersecurity-at-work-starts-at-home/#64e7753e3783

New email spam...From You To You
no-spam-sign-on-laptop-screen_zk2Rn4su.jpg

A new spam and potential phishing email variant reported by 9to5Google has been showing up in Gmail inboxes recently appearing to be sent from you to your own email account. These messages when opened reveal that the email address the message is being sent from is not actually your own email address but named as being from your name. Adding to the peculiarity of the email is the fact that the messages also appear in the users sent email folder.

Social engineering and phishing scams are continually evolving. Remember to always be critical of emails. If there is a link or attachment in the email first stop and Do Not Click. Observe and orient yourself to protect yourself from carelessly clicking and finding yourself regretting not slowing down. You are your own last line of defense against attacks.

Stay vigilant out there.

See the original report from 9to5Google below.

https://9to5google.com/2018/04/22/psa-new-gmail-spam-emails/

Brent HoeftSpam, Phishing, Gmail
Hello world...

Welcome to the inaugural blog entry of FirmLock Consulting where I will be writing regularly on information security news, trends, and topics as they specifically relate to the legal industry. I hope that you find the blog informative and if there is anything you would like me to write a blog post on, please let me know. Check back to see the latest post. 

Stay vigilant out there.

Brent Hoeft