by Dan Pinnington

computer-safe-200x200

Cybercrime dangers are many, complex and ever-changing. Hardly a day goes by without another news report of a data breach or other cyber-related scam or theft. Cyber criminals have considerable resources and expertise, and can cause significant damage to their targets. Cyber criminals specifically target law firms as law firms regularly have funds in their trust accounts and client data that is often very valuable. LAWPRO encourages all law firms to make dedicated and ongoing efforts to identify and understand their potential cybercrime vulnerabilities, and to take steps to reduce their exposure to cyber-related dangers. This article, from the December 2013 issue of LAWPRO Magazine, reviews the specific cybercrime dangers law firms need to be concerned about, and how they can mitigate their risks.

After email, your Internet browser is probably the second most dangerous technology tool in your office. Even casual surfing on the web can expose you to malware and other cyber security issues. You and your staff need to know how to safely surf the web and configure your browsers so that surfing is less dangerous.

Safely surf the web

Teaching your staff the following surfing “don’ts” will help you reduce cyber-related surfing risks, and reduce the likelihood of a malware infection:

  • Don’t complete online transactions involving account information, passwords, credit card numbers or other personal information, unless you are on a secure connection as indicated by an “https” in the website address.
  • Don’t visit unknown websites, and especially music, video, or pornography sites because they are often loaded with malware.
  • Don’t use file sharing sites, or services unless you are familiar with them and know the people you are sharing files with.
  • Don’t download software, unless it’s from a reputable and trusted site.
  • Don’t download new apps (wait until downloads hit the thousands and it is likely any malware in the app has been detected).
  • Don’t download browser add-ons, plug-ins or toolbars, especially from unknown or untrusted sites.
  • Don’t click on “OK,” “Yes” or anything else in browser “pop-ups” (the small windows that sometimes open within a browser). These are sometimes made to look like “dialog boxes” (the windows you change settings or options in) to make you think you are clicking on options or settings you normally deal with. Quickly closing all browser windows and tabs can help, especially if you are being flooded with multiple pop-ups. On Windows-based browsers use Ctrl+W or Alt+F4 to repeatedly close the top-most tab or browser window. In Safari, ⌘+Shift+w will close all tabs in the current window and ⌘+q will close all Safari windows and tabs.

Run an antivirus or anti-malware program that runs in the background and scans for dangers. If you are doing online banking for your firm trust or general accounts, it is critical that you ensure all security risks are addressed.

Beware the dangers of social media

Many people are comfortable sharing a great deal of personal information on Facebook, Twitter, Instagram and other similar social media tools. While family and friends may enjoy this information, people should keep in mind that cyber criminals could use the same information to assist them in personal identity theft or the hacking of online accounts. Be cautious about the amount and type of information you share on social media. Posting vacation pictures while you are away or using apps that broadcast your location (e.g. Foursquare) tells the world you are away from your home and office.

Facebook, Twitter, LinkedIn and some other sites can be configured to only let you login on a secure connection (see the adjacent sidebar on https connections). This can prevent your account from being hacked since your login credentials and connection are encrypted, making it harder for someone to intercept them.

Lock down your browser

Malware programs can automatically and secretly install themselves while you are browsing. These are called “drive-by downloads.” This occurs when websites run scripts (small bodies of code designed to perform a specific action) or ActiveX controls (a module of code that adds extended functionality to the browser).

All browsers allow you to change individual configuration settings, many of which can deal with these and other security issues. Some browsers let you easily change multiple security or privacy settings by choosing from different levels of security (Medium-high or high are best). While changing browser settings can provide greater protection, it may also prevent some websites from running properly.

While the options and terminology will change slightly between the various browsers, these are some of the settings you should change to lock down your browser:

  • prevent pop-ups from loading (or prompt you before loading a pop-up).
  • disable JavaScript.
  • don’t accept third party cookies.
  • delete cookies on exit.
  • clear history at close.
  • disable ActiveX controls (or prompt to run ActiveX controls).
  • enable automatic updates.

See the “Browser Security Settings for Chrome, Firefox and Internet Explorer: Cybersecurity 101” webpage for detailed instruction on how to lock down these three browsers. “iOS: Safari web settings” on the Apple Support site has information on Safari security settings.

There are also various browser plug-ins and add-ons that can increase browser security and warn you about suspicious activity. Widely used WOT (Web of Trust) will warn you about untrustworthy sites (available for all browsers).

Pharming

“Pharming” is another common trick used to perpetrate scams. Pharming takes you to a malicious and illegitimate website by redirecting a legitimate website address. Even if the website address is entered correctly, it can still be redirected to a fake website. The fake site is intended to convince you that it is real and legitimate by spoofing or looking almost identical to the actual site. When you complete a transaction on the fake site, thinking you are on the legitimate site, you unknowingly give your personal information to someone with malicious intent.

You can avoid pharming sites by carefully inspecting the website address in the address bar. Make sure you are on the site you intended to visit and look for “https” before you enter any personal information, passwords, credit card numbers, etc.

The S in https means 3 you are on a safe and secure connection

When logging in on any website, you should always check for a secure connection by checking to see if the web address begins with https://…, as opposed to http://… Look for the “s” which signals that your connection to the website is encrypted and more resistant to snooping or tampering.

Categories: Fraud Prevention