The NJSBA is advising members to remain vigilant in bolstering cybersecurity within their legal practices, given the heightened risk of Russian cyber-attacks on U.S. businesses.
Law firms in particular, along with small businesses and the supply chain, are attractive targets for hackers, who use a mix of tactics ranging from unsophisticated email phishing campaigns to more advanced malware attacks.
The NJSBA will host a program at its Annual Meeting and Convention in May that addresses the uptick in cyber breaches seen globally since the start of the pandemic. Speakers at the program will discuss the different types of attacks and breaches, recent public examples and what the NJSBA is doing to protect member data.
Those who fall victim to phishing techniques, where users click on fraudulent email links that appear legitimate, often are duped into providing compromising personal information such as account usernames and passwords. Ransomware, a costly form of cyber activity that attacks organizations of all sizes, paralyzes computer systems until a ransom has been paid. Along with law firms, schools, police departments and hospitals are known targets.
Hackers are after a wide range of things, but they usually focus on stealing money or data that can either be ransomed or sold to other hackers, according to Robert Spangler, the Assistant Executive Director of Information Technology at the NJSBA.
“The tactics used to accomplish this vary widely. Sometimes hackers attempt to gain entry into a system to ‘lurk’ and either infect a network with ransomware or to use one network or network account as a means to launch attacks,” Spangler said. “Other times hackers focus on specific individuals and use highly sophisticated tricks to attempt to steal money or login credentials.”
Legal organizations of all sizes, from solo to large firms, can find best-practice guidance on the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Shields Up page.
The webpage advises that all organizations do the following:
- Require multi-factor authentication for all remote access to the organization’s network and for privileged or administrative access.
- Ensure that IT personnel are focused on identifying any unexpected or unusual network behavior.
- Designate a crisis-response team with main points of contact for a suspected cybersecurity incident.
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack.
The global situation has prompted the NJSBA’s IT team to be even more vigilant about the cyber threat landscape, according to Spangler.
“We take our responsibility to protect member data and maintain proper cyber hygiene very seriously. We also believe in educating our industry, with some recent statistics showing that 88% of all data breaches are caused by human mistakes,” Spangler said.
The NJSBA’s Annual Meeting and Convention runs from May 18-20 at the Borgata Hotel Casino in Atlantic City.