It’s interesting how quickly the jargon of cybersecurity enters our mainstream vocabulary.
Take the word phish (no, not the band Phish). Once a rather odd term to describe what internet bad guys do with our email accounts, now it’s something we all have first-hand experience with, as daily we fend off inbox scam attempts from deposed princes and Barbie predators.
And spear phishing is no longer something enjoyed on honeymoons amid coral reefs.
But as our vocabulary grows ever more complex to accommodate the evolving language, the basics of cybersecurity remain simple.
Here are three suggestions from the email security awareness experts at KnowBe4 which, if implemented, will prevent most spear phishing attacks:
- “Implement a secure password policy requiring phishing-resistant multi-factor authentication (MFA) for remote access, strong passwords, unique credentials, and the separation of user and privileged accounts, effectively revoking unnecessary or inactive accounts.
- “Configure email servers to filter out and block emails with malicious indicators and implement authentication protocols, such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to prevent spoofed or modified emails.
- “Implement a phishing awareness training program that includes guidance on identifying phishing attacks and how personnel should report suspected phishing attempts and verified incidents.”
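How a receiving mail filter can act on the SPF and DKIM results named in the second suggestion, shown as an added example that is not code from KnowBe4, CISA or this blog. The gateway name `mx.firm.example`, the sample messages and the three-way policy are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumption: the firm's inbound gateway stamps results under this authserv-id
# and strips any inbound header that already claims it.
TRUSTED_ID = "mx.firm.example"
RESULT_RE = re.compile(r"\b(spf|dkim)\s*=\s*([a-z]+)", re.IGNORECASE)

def trusted_results(raw_message, trusted_id=TRUSTED_ID):
    """Collect SPF/DKIM results only from headers stamped by our own gateway."""
    found = {"spf": set(), "dkim": set()}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        stamp = authserv.split()
        # A sender can add its own "pass" header, so skip every foreign stamp.
        if not stamp or stamp[0].lower() != trusted_id:
            continue
        for method, result in RESULT_RE.findall(rest):
            found[method.lower()].add(result.lower())
    return found

def verdict(raw_message):
    """Illustrative policy: reject on failure, deliver only when both pass."""
    r = trusted_results(raw_message)
    if "fail" in r["spf"] or ("fail" in r["dkim"] and "pass" not in r["dkim"]):
        return "reject"
    if "pass" in r["spf"] and "pass" in r["dkim"]:
        return "deliver"
    return "quarantine"  # missing, neutral or unverifiable results

# Constructed sample messages (not real mail).
GENUINE = (
    "Authentication-Results: mx.firm.example;\n"
    " spf=pass smtp.mailfrom=client.example;\n"
    " dkim=pass header.d=client.example\n"
    "From: partner@client.example\nSubject: Engagement letter\n\nSee attached.\n"
)
SPOOFED = (
    "Authentication-Results: mx.firm.example; spf=fail smtp.mailfrom=firm.example;"
    " dkim=none\n"
    "Authentication-Results: mx.sender.example; spf=pass; dkim=pass\n"
    "From: managing.partner@firm.example\nSubject: Urgent wire\n\nPlease pay today.\n"
)
UNSTAMPED = (
    "Authentication-Results: mx.sender.example; spf=pass; dkim=pass\n"
    "From: billing@vendor.example\nSubject: Invoice\n\nInvoice enclosed.\n"
)
```

Calling `verdict()` on the three samples returns `deliver`, `reject` and `quarantine`: the second and third messages both carry a sender-supplied "pass" header, which is ignored because it was not stamped by the trusted gateway.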
Spear Phishing and Email Compromise
The two most common tactics used by cyber criminals were spear phishing attacks and compromise of valid email accounts, according to the US Cybersecurity and Infrastructure Security Agency (CISA) and Decipher.
From KnowBe4: “Valid accounts can be former employee accounts that have not been removed from the active directory or default administrator accounts,” CISA said. “When organizations do not change default passwords, threat actors can compromise a valid administrator account. In many cases, this attack technique is possible because the valid account allowed unauthorized users to install or execute insecure software (such as unpatched or out-of-date software) on a system or network.”
Spear phishing links were successful in 33 percent of attacks.
New-school security awareness training can teach your employees to follow security best practices so they can avoid falling for social engineering attacks.