6. 100% of Law Firms Targeted by Cyberattacks

100% of law firms were targeted by cyber-criminals in the first quarter of 2020. We never speak in absolutes. But this is an absolute.
Subscribe to Stupid or Irresponsible Podcast

Go to www.master-computing.com/discovery and book a 10 minute call, and we will talk about this, we will create an action plan for you.

Show Notes
  • In today’s episode we talk about an article from an info security magazine covering a study. The study shows that 100% of law firms were attacked or targeted between January and March of 2020. [2:30]
You are probably thinking "100%? That is B.S." right? Listen now...
  • In this study they are talking, specifically, about how the legal industry is under attack. They make it sound like it is more so than anybody else. [3:40]
  • We could do our own study and show that EVERYBODY is under attack 100% of the time.
It is a matter of time before they get in, that’s the bigger point here.
Interesting statistics from this study: [4:07]
  • 15% of law firms were likely compromised (that’s a lot)
  • Nearly HALF of law firms had some other form of suspicious activity on their network.
Problem #1: The problem we face in security is that it is just rampant, the attacks are everywhere. They are automated. They are relatively easy to pull off. [5:58]
  • “If I’m an amateur hacker and I want to break into your network what do I have to do? How hard is it? What is the learning curve on this?” [6:25]

[7:30] – Problem #2:
“As a business owner (theoretically say I do not own an IT company or have any experience in IT). Maybe I own a law firm and I am the managing partner of the law firm. Maybe I’m the primary doctor or physician at a local clinic. Maybe I own an accounting firm. I am the guy, I started it, I filed all the paperwork and my specialty is in my craft… How do I prevent a cyber-attack, Joe?”

What to look for in IT support:
  •  Businesses operate on some pretty slim margins. So, when I’m out looking for tech support and 3 people show up at my door saying hey, we can all do the same thing, how do I choose? [8:20] 
Point #1: I, as a business owner in any industry outside the IT world, DON'T KNOW HOW to pick a good IT company.

Point #2: Just because I found a good IT company doesn’t necessarily mean I found somebody that knows anything about security. 

Cyber security is more of a specialty, whereas IT consultants are kind of generalists – think of your family physician.
  • “Like Joe said in the beginning, statistics could be made up, could be manipulated, BUT every time I look at the statistics it’s about 20% of businesses get hacked.”
  • I’ve seen it a bunch of different ways, but... the reality is, if you play the odds long enough, the real likelihood of some sort of a breach is probably approaching that dreaded 100%.

As a business owner, as a managing partner at a law firm, as the practice manager who is responsible for the clinic: when somebody gets hit, that falls on YOU.
"The problem here, like I said in the beginning, is I don’t know how to vet an IT company, and I sure as hell don’t know how to vet a cyber security firm." [13:07]
[13:25] – Let’s say, we hired this firm to come and protect our company. If we were going to make sure they were doing their job properly, what should we be looking for? 
  • How do you vet an IT company if you don’t know anything about IT? 
[14:00] - So let’s give them a formula:
  • NOTE: If you try to implement this yourself, that is flat stupid. Because you can’t. It is like me trying to do heart surgery myself. Please for the love of god don’t do that. 
The reason that we are going to lay this out is so you, the listener, can understand or hold your guy accountable, because we don’t know how to pick them. We don’t know how to vet them, and we sure as hell don’t know how to hold them accountable. What do we really know about holding these guys accountable? [14:25]
[14:57] – Let’s go through a basic checklist of what should be happening behind the scenes to protect a company:
Starting at the top:
  • We want to make sure they have a strict policy on the use of company devices.
  • Procedures – have a document in place 
  • Have some sort of regular training or education for employees for safest and best practices.
  • Ongoing education
  • Letting the client know if information has been compromised immediately.
  • You SHOULD have an incident response plan for if and WHEN you get hit. What are the proper procedures? 
  • Constantly updating security and hiring a digital security firm if needed.
  • Like we mentioned earlier, if you have an IT guy that’s great, but you NEED a security guy. 
You have got to have somebody or some entity that is looking out for security, that stays in on this, that is just living and breathing network security all the time. Like us!
  • If you were to be compromised: 1. There should be a policy and 2. It should be enforced. [18:05]
We’ve got policies, procedures, ongoing training, what are some other things that might be maybe more on the technical side? [20:00]
Quick point about Two Factor Authentication:
  • If your IT guy, if your security guy, isn’t talking to you and beating you up over Two Factor Authentication (2FA), then you probably better find a new one!
[20:40] – Here is a great litmus test: If you aren’t annoyed as hell at your IT company for all the security stuff and hoops you are jumping through…you better find a different one!
[21:45] – Justin’s sign off:
  • The stupid answer here is to not be prepared. To not be paying attention to this. To think that you are invulnerable.
  • To think that this isn’t going to happen to you is asinine, I mean 100%.
It is rare that we can say 100% on anything, but the fact that you are being actively targeted right now is 100%...

[22:30] – Go to www.master-computing.com/discovery and book a 10 minute call, and we will talk about this, we will create an ACTION PLAN for you. 
[22:45] - If you’re not ready to take that step then go to www.master-computing.com/live-webinars  
[23:10] Joe shares his final words of wisdom for our listening audience:
  • Change your passwords - Everybody just go change your password real quick. Reset it.