By Bahar Ferguson
After what seems like an eternity in a room, sifting through thousands of seemingly bottomless boxes of Bates-stamped documents, the art of the case starts coming together. The exciting breaks for your client, and the documents that support your theory and build the case for victory, make all the countless hours of work worthwhile.
You share these ideas with your team. You may even email ideas to yourself as reminders. Your team emails late-night revelations, brainstorms and exciting angles to pursue. Joyous emails are shared after finding supporting comments and interpretations from depositions. The inner workings of your case, your reputation and your client’s future are sent electronically among your team.
You trust your team with the information. You trust they won’t share the information with the wrong individuals. As for tech privacy, you don’t know how often they change their passwords, but you haven’t received any fraudulent emails from them confirming a hacked account and they haven’t noticed anything suspicious.
Unfortunately, cyberattacks are not always immediately noticeable. You may be a current victim of an attack and not even know. Hackers don’t strike for any one particular reason. They don’t always immediately encrypt your network, transfer money or send infected emails. Some attacks are silent. The attackers watch quietly — or they set up rules in your email, like forwarding certain emails to their account or BCCing all outgoing emails to their account — in case you end up changing your password and they lose access. They read the incoming and outgoing email, giving them access to the strategies and breakthroughs — those very breakthroughs you feel are pivotal to your case.
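The forwarding and BCC rules described above keep working after a password change, so the way to find them is to review the rules themselves. As an added example (not part of the original article), this Python script audits a constructed export of mail rules and reports every rule that copies mail to an address outside the firm; the export schema, field names and domains are assumptions.

```python
# Added example: audit exported mail rules for copies sent outside the firm.
# Field names (forward_to, redirect_to, bcc) are a hypothetical export schema.
INTERNAL_DOMAINS = {"examplelaw.test"}  # assumption: the firm's own mail domain(s)
COPY_ACTIONS = ("forward_to", "redirect_to", "bcc")

# Constructed sample data, not taken from any real mailbox.
SAMPLE_RULES = [
    {"mailbox": "partner@examplelaw.test", "name": "File newsletters",
     "enabled": True, "move_to_folder": "Newsletters"},
    {"mailbox": "partner@examplelaw.test", "name": ".", "enabled": True,
     "conditions": {"subject_contains": ["invoice", "deposition"]},
     "forward_to": ["archive.box@mail-example.test"]},
    {"mailbox": "associate@examplelaw.test", "name": "Copy to assistant",
     "enabled": True, "forward_to": ["assistant@examplelaw.test"]},
    {"mailbox": "associate@examplelaw.test", "name": "sync",
     "enabled": False, "bcc": ["Outside.Copy@Mail-Example.test"]},
]


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    return domain.lower() if sep and local else ""


def audit_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return one finding per rule action that copies mail to an outside address."""
    findings = []
    for rule in rules:
        for action in COPY_ACTIONS:
            for address in rule.get(action, []):
                # Malformed addresses have domain '' and are flagged as well.
                if domain_of(address) not in internal_domains:
                    findings.append({
                        "mailbox": rule["mailbox"],
                        "rule": rule["name"],
                        "action": action,
                        "recipient": address.strip().lower(),
                        # Disabled rules are reported too, so they get reviewed.
                        "enabled": rule.get("enabled", True),
                    })
    return findings


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        state = "active" if f["enabled"] else "disabled"
        print(f"{f['mailbox']}: rule {f['rule']!r} ({state}) "
              f"{f['action']} -> {f['recipient']}")
```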
This information can later be used by hackers for financial gain. They may ask for payment as a condition of not releasing such information. Or the hacker may exploit other users in the case or general correspondence for their own financial gain. They may learn your writing techniques or invoicing patterns for collecting from clients and spoof your clients into sending funds to them instead of you. They also may simply be morally opposed to the purpose of the case and seek to cause havoc in order to stop the potential legal outcome. The reasons are endless.
You may wonder how this could happen and how your account could become compromised. You don’t leave your laptop unattended. You lock your machine when you step away. You may even have a 13-digit, alpha-numeric, upper- and lowercase, punctuated password of beauty. The more common occurrence is that someone sends a bad link and you input your username and password, giving the hacker access to those credentials.
However, even if you are one of the rare people who go to this extent to be protected and never click anything inappropriate, there may be one thing you do. You reuse this password for logins on other sites, one of which may at some point have had its user information compromised. While the compromised site forced you to change that password, you didn’t change that same password on the other sites where you used it.
Hackers regularly take compromised data and use the information to pursue other channels. With the ingrained hatred for overly complex passwords and the need to remember so many passwords, it is easy to default to using the same password across numerous accounts. Hackers are well aware of this tendency and will take passwords from compromised accounts and try them on various other login portals, with email being one of the easiest and most often successfully hacked.
Here are three quick techniques to help avoid some of these attacks:
1. Password Managers. Download and use a password manager like LastPass or Dashlane. These applications can be downloaded to your PC, tablet and smartphone. They allow you to fully randomize every password for all accounts you access. They store the information for easy access and allow you to avoid having any duplicate passwords. While this can be seen as a single point of failure by having all passwords in one location, it is safer than using the same passwords across multiple sites, writing the passwords on a sticky note on your monitor or even putting all passwords in an Excel file. It takes a bit of time to get this up and rolling, but it’s time well spent, and maintaining and accessing passwords later is incredibly easy.
2. Multifactor Authentication. This can be enabled on your domain for the server and various programs as well as your email. For Office 365, it simply means any new machine you log into requires a second factor to verify that it is, in fact, you. It can be a text message or phone call. This way, if your account is compromised, the hacker may try to log in, but they won’t be able to pass the second authentication piece. The multifactor authentication in Office 365 is a free addition and is easily turned on by your IT team.
3. Training. You can have the most sophisticated system available but if a user clicks something they shouldn’t, your entire network can be compromised. Regular training by your IT team can help keep people informed of the latest tricks and hacks and serve as a reminder to always slow down and be hyper-vigilant. Hacking trends are constantly changing and we must keep people aware of trends in order to help reduce the chances of individuals falling victim to various attacks.
Hackers accessing your systems to infect machines, lure large wired payments to foreign accounts, etc., are more commonly discussed attacks where you more quickly realize your computer, account or network has been compromised. However, that is only a segment of the attacks. The quiet attacks are significantly harder to spot and even more caution must be used to ensure these are not active or to reduce the likelihood of them occurring. It is important to ensure your IT team has all of the standard processes in place to protect your network and to educate the users on how to protect themselves. Should there ever be a suspicious email, link, invoice, etc., always reach out to your IT team or verbally reach out to the sender to ensure the email was legitimate.
You’ve worked too hard to let any of the effort go to waste.
Bahar Ferguson is the president of Wasatch I.T., a Utah provider of outsourced IT services for small and medium-sized businesses.