Posts published in “Ransomware”

Do You Know What Ransomware Is?


How does it affect law firms? What can my firm do to protect itself?

Ransomware is malicious software that holds files hostage until someone pays the ransom. It does not discriminate on the size of the firm, the industry, or the victim(s). It is known to attack solo, small, and big law firms; hospitals; financial institutions; and everyday individuals.

Take a moment to listen to “The Ransomware Epidemic in Law Firms”, presented by three leading legal cybersecurity professionals: John Simek and Sharon Nelson of Sensei Enterprises, and Sherri Davidoff of LMG Security.

For more information on the ransomware epidemic, contact

How to Stay Safe Online During the Holiday Season


The holiday shopping season is here, and many busy lawyers and IT-centric folk will do the majority of their shopping online. Here are some important online shopping tips from Stay Safe Online to keep in mind throughout the month. Additionally, stay vigilant about email threats, as this is the time of year when hackers attempt every online scam possible. Review these tips from the United States Computer Emergency Readiness Team to help you recognize holiday phishing scams and malware campaigns, and be sure to follow these tips should you believe you are a victim of these crimes. Safe online shopping to all from your Bar's Practice Management Assistance Program. Email for assistance.


Other Resources

Watch Out for these 3 Online Shopping Scams by Techlicious

Scams and Safety on the Internet by the FBI

10 Tips to Prevent Phishing Attacks by Panda Security

11 Tips on Identifying Spam, Phishing, and Spoofing Emails by Online Convert

PMAP TECH TIP: Mobile Security Hygiene


Do you connect to unknown Wi-Fi or computer networks when you are away from the office, or forget to bring your own cable or plugs when you are out of the office for a meeting? Security professionals are encouraging technology users and business owners to pay close attention to good mobile security hygiene, as indicated in this post from Air-Watch. This is especially important because employee security hygiene is getting worse as ransomware exposes insider negligence, according to Security Magazine. Avoid ransomware infections and other cybersecurity problems by checking out these top 10 cybersecurity tips from SBA, and don’t forget to contact if you have any questions.

Protection from Phishing


Technology continues to produce amazing things in many areas of life, from medicine to new law office software. But after reading all the headlines about “cyber attacks,” your instinct might be to shut down your computer and read a book. Still, as lawyers, we need to know about the very real threats out there that target lawyers specifically. For example, the FBI has repeatedly issued warnings to law firms that they are highly vulnerable to malware attacks. Large firms have been hit already, such as two firms representing a number of Fortune 500 companies and Wall Street banks. Smaller firms are not immune to attacks. On the contrary, the Bar has received numerous reports from South Carolina small firms that have been successfully targeted by malware, including ransomware -- software that encrypts the data on the user’s computer or entire network. To get your data back, you must either pay the “ransom” or have a good, complete backup.

Ransomware is just one form of malware that usually enters a firm’s computers through “social engineering,” a fancy way of saying an employee was tricked into clicking on a link that unleashed the bad bug.

Security experts claim that most attacks launched on computers these days are not “blunt force attacks” but are a result of social engineering. So, let’s examine some of these cybertricks, starting with phishing. Phishing can start with a phony email, purporting to be from someone it’s not, containing a link allegedly going somewhere that it’s not. (Spear phishing scams are emails that appear to come from someone you know who knows a little about you.) The trouble begins when you click on the link and go to an infected website, or the link itself may contain the malware. It’s important to know that once the action is taken, it can’t be undone.

One more type of phishing: a whaling attack. Users are made to believe they are receiving an e-mail from the head of the organization, but, as you probably guessed, the e-mail is from a phisher.

So, what’s a busy law office to do? First and foremost, educate everyone in the firm who touches a computer. Here are five ways to do that:

  1. Give employees a list of e-mail addresses throughout your firm and keep it up to date when e-mail addresses change, such as when employees leave, someone gets married, or new employees join. If an employee receives an email that appears to come from inside the firm but the address is not on the official list, they should delete it.
  2. Train employees to understand domain names (generally the part of the Internet or email address that comes before “.com”). Phishers like to change real domain names slightly by adding a number or letter onto the address. Make sure all employees routinely check domain names carefully.
  3. Train employees to know the popular “catch phrases” used by phishers and whalers, and avoid using these phrases in staff emails. Here are a few popular catch phrases:
    • Too busy to talk
    • Need the money fast
    • I said immediately
    • I would gladly pay you Thursday for _____ (fill in the need and the time)
  4. Train employees to be EXTRA careful when replying or sending e-mail to free e-mail accounts (examples include, but are not limited to, Gmail, Yahoo, Hotmail, etc.)
    • Phishers love to change e-mail addresses to look valid. For example, instead of an e-mail going to - a phisher would make a phishing e-mail go to Notice the firm name has been completely removed.
    • Verify e-mail addresses with any sender/recipient who uses free e-mail accounts. Pick up the phone and confirm that they were the authorized sender/recipient and they are the only ones who can access this information.
  5. Hire an IT security professional to conduct a security and cyber-risk audit of your firm. For additional online security, take the following safety measures:
    • Ensure you back up files regularly and keep recent backups off-site
    • Lock down social media accounts
    • Set security settings on all accounts to the highest setting possible. Avoid making profiles public
    • Do not post unnecessary information like birthdays, information only you or close family would know, etc. Keep information at a minimum and keep your confidential information secret.
    • Train employees to use caution when opening unsolicited e-mail attachments
    • Patch & update all software and online tools
    • Use stronger passwords – at least fourteen characters and a mix of numbers, letters and symbols
    • Deploy strong spam filters that detect viruses, blank senders, etc.
    • Use security software including firewall, antivirus software and web filters
    • Encrypt all sensitive company information and require employees to use encryption when sending company information
    • Make sure you have a good cyberinsurance policy
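
The address checks in steps 1, 2 and 4 can also be run automatically on incoming mail. The sketch below is an added example, not part of the original post; the firm domain, the official address list, the free e-mail provider list and the result labels are all constructed assumptions.

```python
# Constructed sample data: replace with the firm's real domain and address list.
FIRM_DOMAIN = "examplelawfirm.com"
OFFICIAL_ADDRESSES = {"jdoe@examplelawfirm.com", "asmith@examplelawfirm.com"}
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address):
    """Label a sender address according to steps 1, 2 and 4 of the list above."""
    address = address.strip().lower()
    if address.count("@") != 1:
        return "malformed"
    local, domain = address.split("@")
    if not local or not domain:
        return "malformed"
    if address in OFFICIAL_ADDRESSES:
        return "official"
    if domain == FIRM_DOMAIN:
        # Step 1: claims to be internal but is not on the official list.
        return "unlisted-internal"
    if edit_distance(domain, FIRM_DOMAIN) <= 2:
        # Step 2: real domain with a letter or number added or swapped.
        return "lookalike-domain"
    if domain in FREE_MAIL_DOMAINS:
        # Step 4: firm name removed, a staff member's name kept on a free account.
        firm_locals = {a.split("@")[0] for a in OFFICIAL_ADDRESSES}
        if local in firm_locals:
            return "free-mail-impersonation"
        return "free-mail-verify-by-phone"
    return "external"
```

This only inspects the address text; a message that forges an exact official address still has to be caught by the mail server's sender authentication (SPF, DKIM, DMARC) or by a phone call.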

Also, check out these other ways you can prevent phishing scams, whaling attacks and cybersecurity conundrums. Contact us to help answer any practice management or technology questions for free at and don't forget to save the date for the upcoming LPM-TECH (Solo and Small Firm Conference) on September 16, 2016. There will be a variety of cybersecurity professionals on hand to discuss these topics plus more. Register now.

Written by: Courtney Kennaday, Director, PMAP and Emily Worley, PMAP Assistant, South Carolina Bar