A few years ago, people who needed unauthorized access to password-protected websites often leased “bot logs” from criminals through an underground forum. These criminals develop malware that steals a victim’s credentials from information entered into Web-based login forms. These bot log sellers can also steal user passwords stored in web browsers, enabling them to acquire a stockpile of hacked PCs called “botnets”. A botmaster could sell these stolen credentials or lease logs to any buyer for an agreed-upon price in virtual currency.
Apart from the rare high-value bank account login, most of the stolen credentials were neither used nor sold by the botmaster back then. They were often wasted. Recently, the business has become lucrative, as several underground sites now trade in buying and reselling these stolen credentials. Credit monitoring can let you know when your identity has been stolen, but it doesn’t prevent the identity thief from creating new credit lines in your name.
Lately, there has been a significant increase in data breaches within the legal community. Law firms store a large collection of non-public data that is useful for insider-trading schemes. Protected health data of employees, confidential documents about ongoing mergers and acquisitions, litigation, personally identifiable information, and other sensitive business transactions such as investments make law firms attractive targets for hacking. Cybercriminals may also want to ransom acquired information about the finances of a corporate client, as well as authentic and crucial trade secrets and patented intellectual property. Emails providing private and intimate details of the personal and professional lives of clients are also targeted. Several stakeholders are willing to pay for the stolen information, such as activists who oppose a firm’s method of operation or competitors who need evidence in a lawsuit.
Employees have been found to have caused some data breaches through error or malicious intent. Stolen or lost laptops and other devices are one cause of such breaches. Lawyers access the law firm’s network with their own devices and usually download personal information of clients, thus exposing the firm’s network to harmful viruses and malware present on these devices.
Criminals recognize that most internet users re-use passwords across several sites, which poses a risk. A password manager can store complex passwords and reduce the headache of always having to remember each one. Two-factor authentication is also beneficial with online email services that allow it, since the second factor would also have to be hacked for your account to be accessed.
Reputation is everything in the legal community, which is why cybersecurity consulting for law firms in West Palm Beach is essential. Law firms may be liable for any loss clients incur as a result of a security breach on the firm’s end. Hence the need to train employees and to conduct due diligence before engaging the services of a cybersecurity vendor. Due diligence involves asking questions that help you identify the right cybersecurity consultant for your firm, so that it can safeguard sensitive client information and maintain a trustworthy reputation.