Legal Depts Are Too Easy to Hack. Here's How to Protect Yourself
When it comes to hacking, in-house legal departments are one of the easiest targets. A new report on data breaches, put together by Verizon, identified corporate legal departments as more likely than almost any other to fall victim to email phishing scams. That's right, one of your company's biggest cybersecurity threats is its legal department.
Phishing emails can result in identity theft and the loss of confidential information, spread computer viruses and install ransomware, programs that encrypt your computer and return access for a fee. Phishing emails can be easy to fall for, too. Russian hackers were able to infiltrate the White House's email, for example, via phishing schemes. Luckily, phishing emails can be spotted and avoided.
You get an email from Bank of America, letting you know that your account has been compromised. Or maybe it's your IT department, telling you it's time to update your company passwords. You follow the links and enter in your identifying information. You might even speak to someone on the phone. Sadly, the emails were fake and you may have just given hackers access to your bank account or corporate servers.
A critical eye could have spotted the scam. Here's how:
1. Check URLs -- Hover your mouse over any link before you click on it. An email may say to "log in to http://www.wellsfargo.com/" but actually link you to wellsfargohaxxx.ru. Similarly, make sure that URLs you see are legit. Hackers will sometimes use domains that seem correct but are slightly off, eblay.co, instead of ebay.com.
2. Make Sure Information Matches -- Get an email about your Facebook account at your company email address? If you haven't linked the two, it's not a legit email. The same goes for emails addressed to the wrong name or no one at all. Be particularly suspicious if you are emailed about a service you never use. If you don't have a Bank of America account, you shouldn't be getting Bank of America emails.
3. Avoid Poor Spelling and Grammar -- Scammers are terrible at spell check. They're worse at grammar. Any errors indicative of unprofessionalism probably wouldn't make it out in a corporate email. Bad spelling and grammar are a major red flag that an email is fraudulent.
4. Go Slowly -- One of the main reasons that lawyers are so easy to target with phishing emails is that we hate to let matters sit. Used to dealing quickly with clients, we often don't take the time to look critically at emails before diving right in. Going slowly through an email while maintaining a critical eye can help you detect fraudulent emails that might otherwise slip by.
5. Install Browser Protection -- If you use a web-based email system, you can beef up your browser with a few simple add-ons. McAfee Site Advisor and Web of Trust are free programs that will send you a warning when you're about to visit a risky, potentially fraudulent website.
Related Resources:
- A Step-by-step Guide to Addressing Corporate Data Privacy and Security (Inside Counsel)
- The Greatest Threat to Your Data Security May Be Yourself (FindLaw's In House)
- Simple Data Protection Steps Could Have Prevented the Astros Hack (FindLaw's In House)
- Strategy, Succession, Security: Lessons From a C-Suite Survey (FindLaw's In House)