CBA Record March-April 2024
very well. A few years ago, an Oregon couple’s Alexa misheard several differ ent commands and wound up recording the couple’s private conversation in their home and sending it to an acquaintance, all without their knowledge. Do what you want in your home, but do not conduct work-related phone calls or conversations around devices like these. Keep your software up-to-date. Soft ware updates have a way of arriving at the worst possible moment, but don’t put them off for long. Updates generally address some kind of bug or security flaw. If you’re being pushed to update, there’s a reason, and you should heed the warning. Use a VPN when using any Wi-Fi net work you don’t trust, especially a public network. Create a separate Wi-Fi network in your home for your guests (and per haps for all of those IoT devices, too). A guest Wi-Fi network provides a separate access point on your router so you don’t have to worry about guests accidentally downloading a malicious program or con necting an already infected device to the network. The guest network is a different point that provides access to the internet, but not to your home network. Again, there’s no such thing as a com plete defense against all cybersecurity threats. Your job is to make yourself as challenging a target as possible. Cyberse curity is a moving target, so be sure to stay vigilant. Want to learn more? Check out “Phishing Attacks: Annual Updates & Prevention Strategies” at Learn.ChicagoBar.org. Anne Haag covers how to spot a phishing attempt and how to train your team members to do the same.
LPMT BITS & BYTES BY ANNE HAAG Cybersecurity Tips for Young Lawyers and Others L aw school may prepare you to be a lawyer, but it generally doesn’t pre pare you to think about cybersecu
Test your phishing knowledge regu larly using a phishing test platform like www.phishingbox.com/phishing-test. Be aware that if you work at a law firm, they are likely also routinely testing their employees. Firms can send out fake phish ing emails, and any employee who clicks on one of the links they contain can face consequences that range from mandated training to losing out on an annual bonus or even being fired. The stakes are high. One last phishing-related tip! Know what to do if you do receive a phishing email or click on a malicious link. Know who to tell, first and foremost. From there, your firm should have a plan in place. If you’re in a decision-making role, you might be the one who needs to spear head formulating a designated plan. This will require research and work, but the preparation can make a huge difference. Use a password manager. You need better, stronger, unique passwords for every account you use. Do not re-use passwords across platforms or use pass words that in any way resemble easy-to guess words or dates. Password managers like Dashlane or 1Password can make this seamless. Reassess your comfort level with the internet of things (IoT), or the myriad devices in your life (and home) that use Wi-Fi to operate and collect or exchange data with other devices. Many of these devices are fairly easy to hack, and there have been plenty of news stories to that end. Further, they don’t always work
rity in the way practicing attorneys really need to. Unfortunately, law firms make great targets for cybersecurity attacks for a few reasons. They possess a large amount of sensitive information about confiden tial clients and matters, and they could be in hot water if that information was leaked, meaning they have a large moti vation to pay ransom. Further, law firms aren’t known for being at the forefront of technological developments, so they can make easy targets. In 2018, the highest ransom demanded in a ransomware attack was $1 million. In 2020, just two years later, the highest ransom demanded was $68 million. That new landscape is here to stay, and lawyers need to know how to prevent cyberat tacks. There’s no such thing as a perfect defense, but here are some things you need to know to keep yourself from being that easy target hackers are envisioning. Keep abreast of the latest trends in phishing. Phishing emails routinely get harder to detect, and phishing texts or messages on virtually any platform have become more common. If you’ve recently received a text message that was clearly meant for another person, even that might have been a phishing attempt. Though it might not lead to immediate loss of data or control over your machine, responding to a text like that can land you on a list of marks to target in the future.
Anne Haag is the CBA’s Practice Management Advisor, a certified crisis counselor, and volunteers as a patient advocate in the ER.
Need to Fulfill Your IL MCLE Requirements? Check out our library of 250+ on demand legal titles at Learn.ChicagoBar.org.
40 March/April 2024
Made with FlippingBook Learn more on our blog