Cybersecurity hacks and attacks

Protect yourself with these seven simple tips

Stuart Zanville
2017 February

Pay attention, here’s a pop technology quiz:  What was the biggest technology story in 2016?  (A) Donald Trump’s election tweets or (B) Cybersecurity attacks and hacking?

I know that Donald Trump’s twitter tirades drove our collective blood pressure through the roof and sent him to the White House, but the correct answer is B) the “Hack Attacks.”

The reason why is that cybersecurity is an issue that affects everyone, from big corporations and the U.S. Government to you and me. And that includes trial lawyers. This column will open your eyes as to why this is important to you and provide you with some simple tips to protect yourself.

We all know about the cybersecurity data breaches that took place in 2016, but they weren’t limited to what the Wall Street Journal called “Russia’s cyber-meddling in the 2016 U.S. elections.”

In December Yahoo announced that in 2013 hackers stole the confidential data of more than one billion Yahoo subscribers. Only a few months earlier the company announced that a similar attack in 2014 affected more than 500 million accounts. That’s a lot of ordinary people.

A few months earlier SecurityScorecard, a cyber security company, reported in a blog post that “It seems like the U.S. Government is more and more often falling prey to hackers, whether it’s from nation-sponsored organizations or independent groups.” The company reported that four major national government entities all fell victim to data breaches and hacking in 2016.

And these weren’t small local government offices. We’re talking about the big guys: the FBI, the Department of Homeland Security, NASA and even the IRS. Hundreds of thousands of individual data files were compromised.

This comes on the heels of 2015’s major data breach in the government’s Office of Personnel Management that resulted in records including fingerprints being stolen from more than 21 million Americans.

Most of us have personally experienced one of our email accounts being hacked or we know someone who has had it happen to them. While these cybersecurity breaches get our attention, if you are like me, you probably thought that hacking was more of a nuisance than a threat.

Technologist, the FindLaw legal technology blog, made it clear why trial lawyers need to treat hacking as more than just an annoyance. Casey Sullivan wrote in the Technologist blog that “When it comes to stealing valuable information, lawyers are easy targets. We handle sensitive personal and financial information, we hang on to immense amounts of data, and we’re not always the most technologically sophisticated.”

But you probably thought, if the Government can’t fend off a hack attack, what can I do?  The answer is: a lot.

There are multitudes of IT professionals and cybersecurity experts who can provide you with detailed protection plans for your office. I strongly recommend that, if you don’t already have an IT/cybersecurity consultant, you consider getting one as soon as possible.

The following tips, however, are relatively simple and are directed for mobile attorneys and the personal devices that let you keep your office in your pocket. They have been provided by Robert Ramin from Southwest Computer Services.

Watch what you click on. Emails are the primary method for infections to be distributed. Use a critical eye when it comes to opening links or attachments in emails. Hackers will send you an official-looking email with an attachment or link that looks real. Instead, it installs a virus that will immediately attack your device or computer.  If you get something from a stranger or that you’re not expecting, don’t open it. Also, never open an attachment that isn’t in a recognized format.

Use complicated passwords and change them regularly. Passwords should be at least 9 characters and preferably 15 and should not include any words in the dictionary, or at least break up dictionary words using numbers and special keyboard symbols. Using the same or similar passwords for multiple services is a very high risk since if one is compromised, the hackers have automated tools that try and use the stolen credentials on every service imaginable.

Using free email accounts for sensitive communication is a risk. Be careful about using AOL and Yahoo accounts for anything sensitive. They have been vulnerable to recent attacks. Gmail and Outlook.com have better security histories, but nothing is entirely safe.

Purchase and download quality, up-to-date anti-virus, anti-spyware and anti-malware software. Don’t be lazy or cost-conscious. It will pay off in the long run.

Do not use free, public Wi-Fi services. They may be convenient for you, but they also make it too easy for hackers to download your files and steal your passwords. One solution is to purchase a personal mobile hotspot from your carrier. It costs a little each month, but they are much safer (and faster) than public access.

Be careful with flash drives. These small storage devices are everywhere and are an easy way to exchange files and documents. Unfortunately, they can also spread viruses from one device to another. Use only your own flash drives.

Backups, backups, backups. The only sure-fire way to protect yourself from a total data loss from a ransomware attack is to have offline and/or cloud-based backups.

Stuart Zanville Stuart Zanville

Stuart Zanville is the Executive Director of the Consumer Attorneys Association of Los Angeles (CAALA). Contact him at (213) 487-1212 or by e-mail: stuart@caala.org.

Copyright © 2020 by the author.
For reprint permission, contact the publisher: Advocate Magazine