Ted Schaer is a well-recognized attorney with Zarwin Baum DeVito Kaplan Schaer Toddy P.C. Law Firm. He is also chairman of the Cyber Liability, Privacy, and Data Security Department. He uses his expertise to advise clients on cybersecurity and provides data breach services. He is now using his expertise to warn other law firms of recent ransomware attacks.
Ted Schaer explains that hacker groups have been known to target small law firms. One of these hacker groups known as Maze, has now attacked firms in Texas, Oregon, and South Dakota. The group is believed to be responsible for a recent attack on Cognizant, an IT services firm as well.
Maze uses a process to conduct their attacks. They hack into a network, and slowly begin to steal files and credentials. They may begin by stealing unencrypted files, which they use as leverage. Maze threatens to release confidential data they obtain through hacking if a ransom is not paid. Ted Schaer warns that law firms are particularly vulnerable to this type of attack, because of the confidential nature of their business. Confidential information getting leaked could cause a firm legal problems and destroy the trust their client’s place in them.
At a 2018 seminar titled Shifting Your Cyber Risk to Protect Your Bottom Line, Ted Schaer stated that 63% of data breaches can be linked directly or indirectly to third parties. In addition to advice for small businesses on vetting vendors and designing contracts to shift liability to third parties, he mentions the importance of cybersecurity insurance. Ted Schaer recommends hiring experts to help you navigate the complexities of cybersecurity and insurance.
Ted Schaer states that phishing and email malware are the top security concerns for law firms. Malware attacks occur 94% of the time through email delivery, and phishing accounts for 80% of all cybersecurity incidents. Unfortunately, these types of attacks are not easy to prevent. They require multiple layers of security, because as better anti-virus and spam blockers are developed, the hackers use more advanced techniques.
Ted Schaer explains that there are steps all firms should take to protect their business. He recommends hiring a cybersecurity insurance and security specialist to correct any vulnerabilities a firm has. However, there are some basic cybersecurity tips firms can implement on their own.
The first is to use a password manager. These allow you to create strong passwords, and they will automatically fill them in for you. You simply need the master password to access the password manager. It has another benefit as well. If you click on a website URL that is actually fake, the password manager will not automatically fill in your login details because it won’t recognize the fake site.
Next, Ted Schaer recommends using two-factor identification, particularly for sensitive email communications. If a hacker gets the emails, they won’t be able to access them without the authentication code. He also suggests routinely checking software for updates and security patches.
Lastly, he suggests offering cybersecurity training for all employees. Hackers often rely on well-meaning employees clicking a malicious link or opening a phishing email. Giving employees the cybersecurity tools they need includes the correct training as well as cybersecurity software.