When it comes to scams, experts say, it is not a matter of IF a law firm will be targeted but WHEN. Law firm data is some of the most coveted and confidential hidden treasure in the world. Hackers and scammers know data is a precious resource...so, as a law firm, you, are their big red target.
What are some ways you can better prepare your solo, small, medium, or large firm for some of the wackiest, craziest, and disguised scams? Check out our 20 tips below.
20 Tips for Law Firms on How to Educate and Prevent Scams
1. Follow the FTC website and US-CERT for privacy, identity, and online security updates.
2. Hire certified professionals to support/update your computer hardware and software.
3. Update anti-virus/security software on a regular basis. This is especially important with ransomware like WannaCry and a cyberthreat called Petya roaming the internet.
4. Make sure your pop-up filter is up-to-date (comes with most security software).
5. Always check links before clicking on them. Look for misspellings or other irregularities. Hover over the link before you click on it.
6. Always make sure site URLS indicate HTTPS before using them.
7. Email messages from friends or from companies you trust require scrutiny. Treat emails, links, and attachments with suspicion. Call to verify that entity/friend sent it to you.
8. Don’t follow links in bank emails, etc. Instead use your browser to enter the URL.
9. Never use public Wi-Fi or hotspots. Be careful with private Wi-Fi connections that you are not sure what the security measures are.
10. Contact hardware/software companies directly for assistance. Do not trust companies that contact you directly (with the initiated call).
11. Never allow a “company” (no matter who) perform a “free security scan”.
12. If you get a call from a company or someone claiming to be tech support, hang up.
13. If you get a pop-up message that tells you to call tech support, ignore it.
14. If your computer brings up a concern you are not sure about, call your security software company directly but do not use the phone number in the pop-up or on caller ID. Instead, look for the company’s contact information online or on a software package or your receipt.
15. Never share your passwords or give control to your computer to anyone who contacts you.
16. Change any passwords that you share with someone. Assign unique passphrases to every online account.
17. If you pay for bogus services with a credit card, call the credit card company directly and ask them to reverse the charges.
18. Watch for unauthorized charges to your accounts. Also, watch for unauthorized activity on your computers.
19. Never reveal personal or financial information in emails or text messages.
20. Report scams to www.ftc.gov/complaint. Report computer security incidents to US-CERT https://www.us-cert.gov/forms/report and the FBI Internet Crime Complaint Center https://www.ic3.gov/default.aspx.
P.S. If you've been impacted by a scam or technical attack that your fellow Bar members should know about, please share your experience with us by emailing firstname.lastname@example.org.