Category: Technology

Social Media Policies: The Impact On Your Practice

With the rapid rise in the use of social media both professionally and personally, preserving possible evidence has become a huge challenge. From text messages on individual cell phones, to videos on YouTube, to . . .

Data Breach Prevention

Glaring headlines in the March 29, 2016 The American Lawyer detailed that 48 of our nation’s top law firms were specifically targeted by a Russian hacker seeking to trade on M&A information. Most of the firms found out they were a target only because their name was included in the article. On March 22, 2016 the FBI issued an alert warning law firms of criminals seeking access to their networks.

What should you do? First, realize that some of the largest firms have experienced breaches. And they have huge IT staff, and lots of money to throw at the problem. Don’t throw up your arms in disdain and say you have no chance by comparison. For firms of all sizes I recommend . . .

Data Breach Prevention

It’s really not a question of IF your firm will experience a data breach at some point, but rather WHEN your firm will experience the breach. Don’t assume that your firm has no desirability as a target because of your size, or even your practice areas. Cyber criminals are increasingly targeting law firms of all sizes for private information about clients, which often enables them to more effectively target the client directly.

Is Your Apple Device Safe from Malware Infection?

Apple customers, particularly Mac users, are normally adamant that their computers don’t need protection from viruses, Trojans, ransomware, or other threats that impact Windows PCs on a day-in-and-day-out basis. Is it true, or a myth? The truth is that while the general threat level is far lower on a Mac than a PC, the OS X operating system is not immune.

Apple has been a target of lesser opportunity only because criminals invest their time, money and resources where the return will be greatest. Historically, that has meant targeting PCs almost exclusively, due to their market share. As the installed base of Macs continues to grow, so does the appearance of threats. How quickly?

A recent blog post on the Official Security Blog site of Malwarebytes states: “The popularity of Macs leads to more cybercriminals wanting to write malicious code for OS X. Although still much lower than PCs, the number of threats targeting Apple operating systems has grown steadily, with a spike in Mac infections observed over the last 18 months. A recent study by Bit9 + Carbon Black found that the number of Mac OS X malware samples detected in 2015 was five times greater than in the previous five years combined.”

If you are not deploying security software on your Apple device, now would be the time to do so. Don’t wait to be a victim of something like the ransomware KeRanger, which was downloaded by around 6,500 people within the 12-hour period that it was available. Some of those users had their data completely destroyed.

Upgrade to Windows 10?

Microsoft has cleverly delivered pop-up invitations for free upgrades to Windows 10.  Should you take advantage and become an early adopter?  In my usual pragmatic manner, I advise against it unless you want to unwittingly become an early debugger too.

Let the big firms with in-house tech support go through the pain first. They can afford to smooth all the wrinkles and support users through the bumpy ride. Wait until at least the first service pack comes out and, following that, until the software gets “good reports” regarding the results of the service pack installation. Then and only then should you install.

My colleague, Jennifer Ellis, is much more analytical in her approach. In her blog post “Should You Upgrade to Windows 10?” she spells out the specific considerations to take into account for each end-user and firm. Give it a read, to help you decide.

As always, I will post to the blog when I think the time has arrived to safely install Windows 10 for the majority of users who read my blog. If you go back into my historical archives of past blog posts, you’ll see that I never recommended installation of Windows Vista. As time passed it became apparent that it was never going to be a decent operating system. I suggested keeping XP going until the next generation (Windows 7) was released, and had been upgraded at least once. It turned out to be the right move. I also recommended the same with Windows 8. So stay tuned. I won’t steer you wrong.

Ransomware (malware) on Cell Phones

We thought that our cell phones were safe from ransomware, like CryptoLocker, which has been infecting hundreds of thousands of computers in the U.S. Not so! A recent article in CNet Daily News reports that there are as many as 5,000 attacks per day. A mobile threat report from Mobile Lookout Security, which makes security software for smartphones, found 4 million of Lookout’s 60 million users were held hostage last year. In 2014 they report a 75% increase in mobile threats in the U.S. You can read about the most prevalent malware at the end of the post, below.

The article tells the story of  a 12-year-old girl from Tennessee who tapped a link on her smartphone to watch a new music video.  Instead of a video, she had unwittingly installed malicious software that downloaded child pornography, locked her Android phone, and threatened to report the pornography to the FBI if she didn’t fork over $500 in ransom.

What should you do to protect yourself?

1)  Never download applications from outside the official Google Play store or Apple App Store.  Be careful clicking on links when online.  “Free” could wind up being very expensive.  Keep that in mind when on social media sites.

2)  Install an application that will block ransomware.  Avast (free for mobile) and Mobile Lookout Security are two big players.  Note item #1 above before downloading, from an unknown source, software which will allegedly protect you.

3)  Never pay the ransom, and always report the crime to police.  There is no track record to show that paying ransom will lead to removal of the malware and release of your mobile device. In most cases, you are only providing incentive for thieves to continue to create new and more sophisticated software.

It’s an even more dangerous computing world out there than it was just a year ago.  Be extra careful out there!!

The most prevalent ransomware threats in 2014, according to Mobile Lookout Security:

  1. NotCompatible | Malware

NotCompatible is a trojan that surreptitiously acts as a network proxy.  It allows attackers to send and receive traffic through a victim’s mobile device onto connected networks for fraudulent purposes.

  2. Koler | Malware

Koler is a trojan disguised as a media app.  It locks a victim’s device, after falsely reporting the discovery of illegal activity.  Koler attempts to coerce victims into paying them to avoid criminal charges and regain control of their device.  The CNet article advises that police can tell that you are not the “guilty party” so don’t be afraid to report.

  3. ScareMeNot | Malware

ScareMeNot is a trojan that pretends to scan victims’ phones for security issues.  It then locks their device, after falsely reporting that its scan found illicit content. It attempts to coerce victims into paying them to avoid criminal charges and regain control of their device.  Again, report this to police.

  4. ColdBrother | Malware

ColdBrother is a trojan that pretends to scan victims’ phones for security issues, but then locks their device after falsely reporting that its scan found illicit content. It can also take a front-facing camera photo and attempts to coerce victims into paying them to avoid criminal charges and regain control of their device.

  5. ScarePakage | Malware

ScarePakage is a trojan that pretends to scan victims’ phones for security issues and then locks their device after falsely reporting that its scan found illicit content. ScarePakage attempts to coerce victims into paying them to avoid criminal charges and regain control of their device.

Notice that these Trojans are all very similar.  It’s rumored that there is one very talented programmer who is being well paid by various criminal organizations to keep creating variations of the malware, in order to stay ahead of detection software.  Notice that each is “socially engineered” to make you want to run the software voluntarily.  So even if you don’t click on a malicious link out of ignorance, you can still fall victim.

Windows Security Patches Released

Microsoft released a security patch on Thursday, May 1st, which fixed all Windows versions of Internet Explorer, including for Windows XP!

XP has been out of support, but with a heavy installed base — estimated at 30% of the world’s computers by some — Microsoft made an exception to its policy by updating the operating system.  At a lot of law firms, there was a visible sigh of relief.  Kudos to Microsoft for doing the right thing.

Personally, I took the opportunity to change my default browser to Chrome, and I don’t regret it.  There are a few software packages I have which are not compatible.  For example, Copernic Desktop Search.  But I only use that for searches internal to my system, so I don’t really care.

In case you’re curious, data from NetMarketShare.com indicates that Windows 7 powers 49.27% of the world’s computers, while Windows 8.0 and 8.1 combined account for only 12.24%.  Mac versions 10.6 through 10.8 combined hold 3.25% of market share.  That number surprises me, as I’m seeing strong growth in the legal industry.

Computer Security Issues – Windows XP, Adobe Flash, Internet Explorer

When Homeland Security issues a warning about new risks of using your computer, you should stop and pay attention.  When mighty Microsoft tells you to temporarily stop using one of their programs due to a security issue, you should stop and pay attention once you’ve recovered from fainting.

Yes folks, our computing environment has just gotten a whole lot riskier, especially when exploring the internet.

First, let me advise you that the issues have not yet been resolved, despite reports issued based on misinformation and misunderstanding.  That’s because we’re dealing with multiple issues, on multiple software platforms.

The issue dealing with Adobe Flash Player was resolved (hopefully) by a security update from Adobe on Monday, April 28.  That problem involved a Flash bug that was attacking the computers of visitors to a Syrian government web site.  Although that bug was significant, it is not at all related to the major boo-boo in Internet Explorer.  And it’s doubtful it would have impacted too many of you in the legal environment.

The “big” Microsoft bug, which Microsoft is currently scrambling to address with a patch, affects versions 6 to 11 of Internet Explorer.  It potentially gives data thieves the same access to a network computer as a legitimate user.  Microsoft has acknowledged that there have been “limited, targeted attacks that attempt to exploit a vulnerability.”  Excuse me?  It can’t be so limited if Homeland Security is involved, along with every major media outlet.

The security flaw in Internet Explorer comes into play if you click on a bad link.  Not the type which gives you an innocent “404, Not Found” but rather the kind which takes you to a fake web site, where malicious code can be injected into your computer.  Some of these sites are so realistically designed, you have no clue they’re fake and “bad”.

This is the first major security flaw discovered since Windows XP support was discontinued.  That means that when the security patch is issued, both Internet Explorer and Windows 8.0+ will be updated.  Windows XP will remain vulnerable.

What should you do?

  1. Stop using Internet Explorer for now.  Use one of the competitors like Google Chrome or Firefox.
  2. Don’t click on links found on web sites which go outside that site.  Rather, use your “favorites” to get to the other site, or look up the other site and go there directly.  It’s estimated that as much as 40% of legitimate web sites may unknowingly have malicious code on their site.  One example would be replacing a legitimate link with one which misdirects you to a “bad” web site.
  3. Make sure you’re installing all security updates which arrive at your computer.
  4. Be sure your anti-virus and anti-spyware software is kept up to date, and is running continuously in the background.
  5. Make sure your firewall is up to date.
  6. If you’re still using Windows XP, make a permanent change to your internet browser choice.  Also, whichever browser you choose, you may want to have your security software checking each site before it actually allows you to land on it.  It will slow your travels, but keep you much safer.

Keep in mind that you will have to get off of Windows XP in short order.  Hey, I don’t like it one bit either!  But keep in mind that law firms must exercise due diligence in safeguarding client confidentiality.  Knowingly using software which will never receive additional security updates is much like putting your most confidential client documents in a trash bag, and throwing it off the Empire State Building.  It’s not a question as to whether those papers will be scattered on impact, but rather how far they’ll be scattered!

Security Issues on iPhone 5s

Attorneys who use the iPhone 5s should refrain from enabling Touch ID.  There have already been two patches in response to two security flaws.  But tech experts feel that the Touch ID feature is still a risk for phones carrying confidential client information.  Michael Pham of Winstead Attorneys has some insights in a post on the WinTech blog.  He suggests that employers implement strict written policies and procedures that require employees to keep their mobile devices current with the latest software updates concerning security, and that they notify the company the minute a phone goes missing.  Wise advice.  I also recommend that remote wipe be enabled before any client information is synched to the phone.

It’s important for firms to take proactive steps to protect confidential client data.  Failure to take reasonable precautions could spell malpractice.

Twitter username worth $50k?

A very interesting article on CNET News caught my attention.  The headline “Coveted $50,000 Twitter username swiped in tale of woe” intrigued me on more than one level.  First, of course, are the security issues.  Definitely read the article, and track back to the blog post, to get an idea of how vulnerable your online accounts can be.

Second was the fact that a username could have such a value.  Maybe it’s time to start thinking creatively and reserving free account names that may become desirable later.  Hmmm . . . wonder if @Personal_Injury is available?

Although the latest update to the story includes a strong denial from PayPal about divulging information which allowed the hacker to hijack the user’s accounts, I tend to believe the user, Naoki Hiroshima.  There are tons of ways a “confused caller” can get small bits of information over the phone; enough to later claim an account.

PayPal’s name has been associated with all sorts of online fraud, almost since they first started.  Don’t get me wrong, it’s not PayPal itself, but nefarious individuals who have exploited their name for phishing and identity theft schemes since day one.  For that reason alone, I have long advised attorneys to use something other than PayPal for the credit card service (merchant account) their clients can use to pay.  Just the association with the name still leaves a chill of risk for many who remember the horror stories.
