CBA Record Jan-Feb 2021

ing attacks, there is no better example than the 2019 case of a German company that lost around $250,000 to an extremely subtle attack (though not ransomware). A phishing email impersonating the com- pany’s CEO was paired with a deepfake audio (audio generated using samples of the target’s voice and AI) phone call of that CEO, both directing an employee to wire money to the malicious actors. The employee understandably did as they were directed and can hardly be blamed for falling prey to this two-pronged attack regardless of how much training they had received. For more expansive resources about phishing emails and to see some examples, check out the recording of a previous CBA seminar, “How To…Spot a Phishing Email.” The materials for this program also include links to valuable resources, such as a free anti-phishing toolkit and self-tests online. You can access the pro- gram for free at this link: https://vimeo. com/367331357/730abd54f1. The CBA has also hosted many pro- grams related to creating detailed cyberse- curity plans. One that stands out as being particularly helpful is “Security Meets Efficiency: IT Issues and Opportunities for Law Firms.” It can be accessed at learn. chicagobar.org for PR-MCLE credit. It’s unlikely that 2021 will offer a respite from threats of this nature. Stay safe out there! Landex Research, Inc. PROBATE RESEARCH MISSING/UNKNOWN HEIRS LOCATED NO EXPENSE TO ESTATE Domestic & International Services for: Courts, Lawyers, Trust Officers, Administrators, Executors 1345 Wiley Road, Suite 121 Schaumburg, Illinois 60173 Phone: 847-519-3600/800-844-6778 Fax: 800-946-6990 www.landexresearch.com

LPMT BITS & BYTES BY ANNE HAAG 2020: The Year of the Phish

L aw firms have long been targets of ransomware, but 2020 was a banner year for the malicious attacks. The year saw an increase in the number of ran- somware attacks as well as in the amount of ransom requested and paid. Early in the year, three firms were targeted within 24 hours. A New York media and enter- tainment firm that caters to high-profile celebrities such as Bruce Springsteen was targeted inMay. Seyfarth was targeted in an October attack that kept the firm offline for days although no client data was breached. Attacks were rampant throughout the year. Ransomware is a type of malware that is designed to deny a user access to a computer system or data until a ransom is paid. Email is very often the entry point of these attacks. A link or attachment in a phishing email will activate the ransom- ware, sometimes putting an entire law firm offline for days. The rise of remote work in 2020 surrounding the Covid-19 pandemic resulted in workplaces relying on email more heavily than ever, so it’s no surprise that phishing emails were behind many of the year’s high-profile ransomware attacks. Backups have traditionally been the saving grace of the ransomware attack victim. If the victim’s data is encrypted and held for ransom during an attack, their backed-up data will prevent them from having to pay the ransom. Inevitably, though, hackers have found a way to work around this problem by threatening to post the breached data online for all to see if the Anne Haag is the CBA’s Law Practice Management Advisor, a certified crisis intervention counselor, and a volunteer withResilience as a trauma- informed ER advocate for sexual assault survivors.

ransom fee goes unpaid. This escalating element of extortion is another hallmark of the 2020 attacks. Of course, victims of such attacks are put in the difficult position of trying to assess whether paying the ransomwill actu- ally solve the problem. Firms might pay, but there is no guarantee that the bad actors will actually hand over the encryption key needed to decrypt the data. Further, there’s no way to ensure that they won’t later publicize the data after the ransom has been paid. Attributing the attack (or narrowing down its possible origin as much as possible) helps in this assessment process, but there are still no guarantees. It is important to have a detailed plan in place in the event of an attack, but a plan for prevention is critical. You will want to work with a cybersecurity expert to create your worst-case scenario plan, so the focus here is on how to prevent a phishing attack. The most important step your law firm or practice can take to prevent a ransomware attack is to regularly and repeatedly train your employees to recognize a phish- ing email – and what to do when one is detected. Phishing emails have become remarkably more sophisticated in recent years, so your training efforts must be ongoing while still preparing for the worst. Phishing tests are a great tool to utilize in your training efforts. Companies such as Sophos provide this service to gauge how susceptible your employees are to phish- ing emails. From there, you can recognize your practice’s pain points and tailor your training so it is more effective. Just a few tell-tale signs you are being targeted: Typos are still a hallmark of the phishing email, but suspicious links embedded within messages, and email addresses that don’t quite match a company’s domain, are more subtle giveaways. To highlight the sophistication of phish-

CBA RECORD 39