Cyber Security: A cyber security partner can keep firms safe from AI-backed hackers

By Carl Mazzanti

A recent New York State Bar Association report noted that law firms typically fall into one of three categories regarding cyber security: “Those which have a risk and choose to correct it, those which discover a risk and choose not to correct it, and …  those who don’t know what they don’t know.”

Law firms have valuable information that hackers want, like intellectual property, business intelligence, and clients’ personal data. Recent events have revealed that many firms do not have strong enough cyber defenses to protect their data. These defenses are meant to safeguard against threats from hostile countries and other sources.

In one notable case, an international law firm that works with companies affected by security incidents was itself attacked. The attack exposed the personal and health information of more than 637,000 people who had already experienced data breaches, court documents showed.

Many law firms are partnerships. Partners in these firms often do not want to spend money on cyber security tools. They fear that the costs of investing in these tools may reduce their compensation.

But this makes firms an easy target for bad actors, and the reputational and financial costs of a breach far exceed the costs associated with cyber security improvements. And if your firm mounts a defense against digital attack that is even just a little better than your peers’ systems, the odds are that cyber criminals will move on to a softer target.

Many of the steps are simple, and relatively inexpensive, especially when compared to the cost of a breach.

Building a layered system

Basics for network security include a firewall, which protects a firm’s internal network from untrustworthy external networks. A firewall controls network traffic with security rules. It protects against unauthorized access and threats. It also prevents harmful activities by acting as a barrier. Next generation firewalls provide enhanced network security with features like intrusion detection, prevention, and malware protection, among others.

The aim is to build a layered cyber security system. This way, if a hacker gets through one layer, other barriers will still stop them. Digital security, for example, involves more than just a firewall. It includes using strong passwords, not sharing them, avoiding the same password for different accounts, and not writing them down where others can see.

Best practices also include using multi-factor authentication (MFA). This requires more than just a username and password to access an account. MFA adds extra verification steps, like a code sent to users phones before they can gain access to a system, to lower the chances of a breach.

Scammers often start attacks by “phishing.” They pretend to be someone known and trusted by a firm. Then, they ask for quick transfers of information or money. Advanced artificial intelligence can now help scammers customize their messages by looking at social media. They can focus on specific individuals. Scammers might mention mutual friends or recent events to make their requests seem more believable.

Do not just agree immediately to transfer funds or to take other action; always verify the request with the correct person or group. This can be done by phone, in person, or through their official website.

Do not trust emails from unknown senders, as they may use fake addresses that look real. A close examination, however, will reveal that the address is slightly off, often by just a letter or a digit.

Avoid clicking on unverified links to prevent accidentally downloading malware or other threats. Instead, users should contact your internal or external IT department first to verify whether a link is legitimate.

Testing your own defenses

An experienced cyber security partner can also design cyber safety awareness sessions specifically tailored for an individual firm. Periodic seminars will teach your team about the best ways to handle phishing attacks and other cyber security problems.

Your security partner should conduct penetration tests to identify weaknesses in digital and human security. Also known as “pentests,” these exercises are authorized simulated cyberattacks that will bolster your understanding of cyber safety training.

Penetration tests are essential for identifying vulnerabilities in your company’s systems, website, and infrastructure before cyber criminals can take advantage of them. These tests may include sending “phishing” emails and other communications to your staff, to see if anyone will take the bait. Users who fall for the trick should get further training.

Cyber experts will also check for software flaws and incorrect settings. Additionally, they will assess risky user actions and other security issues. These assessments can check how well security measures work, if users follow security rules, and other important concerns.

Your cyber security partner can provide AI-powered security agents to stop malware, ransomware, and other attacks by malicious software.

They help ensure your digital safety with strong lockdown measures. Built-in file integrity monitoring, device control, and memory protection will also help to block unauthorized changes.

Domain name system (DNS) protection can be an effective defense against cyber attacks. DNS defenses can block harmful software, botnets, and phishing attempts while also detecting and containing advanced attacks before they cause damage.

Law firms will inevitably keep gathering sensitive data, making them vulnerable to cyber crime attacks. Attacks against firms of all sizes are rising, and the intrusions are getting more sophisticated. Experienced cyber security partners can help enhance your network and data safety.

 

 

Carl Mazzanti is president of eMazzanti Technologies in Hoboken, N.J., providing IT consulting services for businesses ranging from home offices to multinational corporations. The company can be contacted at: 866-362-9926.