Just another day at the firm. The case was settled, with a $500,000 payment to be made to the approved settlement administrator. The law firm received an email from the administrator with wire transfer directions, and the settlement funds were sent per the instructions. Just one problem – the email didn’t come from the administrator, the receiving bank was not the right bank, and the half million dollars evaporated. Poof – gone in an instant.
Sure, it would’ve been prudent for the law firm to have picked up the phone and independently verified the email sender and instructions. But how did the bad guys know precisely to whom and when to send the phony email, and exactly what to say? Was it from publicly available information in the court file? Was there a rogue insider at the firm, or at one of the other litigant’s firms, or at the court, or with the settlement administrator? Or was someone’s email account illicitly monitored after being compromised by malware or through phished access credentials?
Business email compromise (BEC) is a growing threat for businesses generally. Reports of BEC incidents to the federal Financial Crimes Enforcement Network (FinCEN) have doubled from 2016 to 2018, with the dollar amounts rising nearly threefold, from $110 million monthly in 2016 to over $300 million monthly in 2018.
But BEC is only one of many potent threats to law firm data security. Here are some high-profile examples from the news:
Continue Reading Law Firm Data Security Threats
A swarm of zombies, led by Byte Walkers, surges inexorably onward to penetrate a massive perimeter wall by force and stealth. Sounds like Game of Thrones, right? Instead, this is our cyberthreat reality. And in an ironic twist that would make George R. R. Martin blush under his beard, it’s now painfully real for 
Many years ago, before common sense kicked in, I thought it would be a good idea to rent a storage space for all the extra furniture and other stuff I could not fit in my new house. Knowing it would only be temporary, I stashed everything from upholstered and leather furniture, to boxes of books. Fast forward twelve months. The rental agreement was expiring, and I realized that I would never need nor have room for all that I’d stored, so I decided to have a sale to dispose of it. When I went to the storage space I was horrified to see that everything was covered in a thin film of mold. (This was years before climate-controlled storage was widely available.) I had no choice but to trash it all, which both cost me money and prevented me from converting my goods to profit.
I hope you were not affected by last Friday’s WannaCry ransomware hack. If you were, you are unfortunately part of the biggest on-line extortion scheme seen to date. And it may not be over, as new variants are appearing, so although you may have dodged the bullet for now, experts suggest that this attack is