By Bill Kammer
Ransomware Responses
In late September, the Cybersecurity and Infrastructure Security Agency (CISA), jointly with a multistate agency, released a Ransomware Guide. Sections of the guide include a discussion of ransomware prevention best practices and a checklist of responses to ransomware attacks, which can be found here: www.cisa.gov/publication/ransomware-guide.
Ransomware attacks can have devastating effects upon law firms, causing major disruption and economical damages, plus potential effects on client relationships and the possibility of ethical violations. As always, lawyers remain soft targets because of a perceived lack of security and their possession of valuable client and financial information.
Many smaller firms and companies often pay the ransom, perceiving that as the simplest solution. The Treasury Department just complicated that decision by warning that paying ransomware attackers might trigger sanctions violations.
Hotel Cybersecurity
Lawyers travel frequently, though perhaps not so much in 2020. Years ago, we were cautioned about the lack of security when using hotel computers to print documents, presentations, and boarding passes. We were warned of the dangers of inserting thumb drives in other persons’ computers because doing so might transfer malware secreted on those computers to our USB drives. Back home later, we might transfer that malware to our office systems and personal computers, compromising or damaging them.
Now, the FBI has issued a warning about the risks inherent in hotel Wi-Fi. Hotels focus on convenience to guests rather than strong security practices, often providing simple passwords easily guessed by those seeking to do mischief. The FBI’s leading recommendation is the use of a virtual private network (VPN) whenever we sign on to a public network. Its recent report also includes a list of signs indicating your device has been compromised, and recommendations for responsive actions if your device has been compromised, which you can find here:www.ic3.gov/media/2020/201006.aspx
Zoom and MS Teams Concerns
Even though many have returned to physical offices, others continue to work in home offices, even if only a few days a week. The use of video conferencing networks such as Zoom and Teams will continue to grow no matter where we work. As we become more facile in our use of these methodologies, we need to address certain issues that will frequently arise. For instance, the organizer of the Zoom or Teams meeting should determine whether to prevent recording and understand how to do that. And lawyers must remember that even if they control recording within the application, any viewer or participant can record the sounds and scenes of an event with an external device such as a mobile phone.
Similarly, we must use passwords for our meetings to prevent easy, unwanted intrusion. We should never provide those passwords in anything other than a secure transmission. Zoom bombings continue to occur at court hearings, public meetings, and law firm presentations. “Eternal vigilance is the price of liberty.” The first traces of that saying appeared about 200 years ago, but its admonition remains equally valid today.
Phishing and Vishing
By now, we all know the dangers of phishing as a gateway to attacks on our networks, offices, and storage. Much has been written about education, training, and regular reminders. But the attacks continue, often taking new forms. The entry may occur from any direction, not only from emails and malevolent links and documents, but also from social media. For instance, hackers have recently used direct messages on Twitter that warn the recipient of reported violations of Twitter’s copyright guidelines. Demanding an immediate response, the message directs the user to click on the link and verify the account. Eternal vigilance.
We all are at risk. Some suggest that the small and home offices are the least prepared to resist and thwart attacks, but even the largest firms have suffered substantial losses. In 2017, DLA Piper, one of the largest firms, had to shut down its systems for a substantial period because of an attack. And recently, Seyfarth Shaw, a firm with about 900 lawyers, was targeted by a weekend malware attack that appeared to be ransomware. They reacted immediately to limit damage or compromise, but their systems and email remained down for a significant period.
Vishing may be an unfamiliar phrase, but it signifies voice phishing. Previously, it usually referred to an attack on an individual that sought a Social Security number or credit card information. However, for those working at home in 2020, the new risks presented by vishing can expose home office systems and networks to penetration and damage. Once that occurs, the offices we link to are also subject to attack. The threat convinced the FBI and CISA to issue a joint advisory with several suggestions that companies can implement to help mitigate the threat from these vishing attacks (FBI-CISA Product A20-233A).
‘Down for everyone or just me?’
You will probably recognize that phrase as a website that helps you figure out whether your problem is everyone’s problem. As many shift their offices to the cloud, we rely upon the constant availability of Outlook email and Office365. However, we have recently learned those cloud systems are not always reliable, and their down status leaves us with few alternatives. We can’t do much about that, but at least we can track the problems at websites such as https://downdetector.com/status/office-365 and https://downdetector.com/status/outlook.