Law Firms are Easy Prey

Excellent article at www.law.com about social engineering!

A discussion of the threat that social engineering (aka the “human side of hacking”) poses to law firms, and some tips and practical guidelines to reduce its effectiveness. What follows is an excerpt:

“The great news is that law firms have readily available steps to dramatically reduce the effectiveness of social engineering ploys and they do not require Mission Impossible technology. Social engineering is all about exploiting gaps in humans’ knowledge and awareness.

“Law firms investing in cyber social engineering awareness training and regular training of the firm’s employees, contractors and even clients will create a powerful first line of defense against this method of attack and the bad guys’ most effective weapon.

The four methods of social engineering include phishing (email), vishing (phone), smishing (texting) and impersonation (face-to-face). Each method utilizes unique tactics to create trust and authenticity in the ultimate communication used to defraud the recipient.

The more repetition there is of personalized, detailed or highly focused communications, the higher the rate of success there will be in convincing the recipient to let down her defenses and for her to click on, open or run malignant communications. Combining each of these different methods (a hacker may even acknowledge an individual’s security training in such a communication) can produce great results for the hacker.

Training and Testing

Training needs to provide tools to help employees validate the bona fides of the sender of the electronic communication regardless of the method of communication used. Also providing varied examples of how social engineering may occur will get employees thinking outside the standard security box.

Often, attackers play on an individual’s weakness, susceptibility and curiosity. The email impersonating someone from human resources or finance with a simple sentence of “Bill, do you really think these expenses should be approved?” with a malicious file attached to it will get hits almost every time.

After monitoring news accounts and press releases and performing other “due diligence” on an unsuspecting employee, such as a company bookkeeper, sending a feigned wire instruction to him just when a transaction is about to close and indicating that payment needs to be made by a certain time for the deal to close often works like a charm to cause payment to be made to the bad guy. Role playing or gaming in employee training will make individuals more aware of their susceptibility to such ruses.

In addition to social engineering training, which is your last line of defense, do not forget to do regular real-world testing. Bring in security professionals, who understand up-to-date social engineering artifices, to challenge your investment in “behavior modification” training of your employees and hopefully validate it and improve your security system.

Empowering your law firm’s employees with such cyber fighting skills also can be a huge morale boost transforming them from victims to warriors in the battle to protect confidential client and law firm information. Building a training and awareness environment which seeks to keep this knowledge and awareness fresh, relevant, frequent and varied in its means of delivery will make it effective.

Practical Guidelines

Security information, resources and tools are provided by many legal associations and, as set forth below, some very practical guidelines offered by the New York State Bar Association at www.nysba.org/nysbacyber/.”

Read the full article here. You need to register but it’s worth it.

Why Social Engineering Works And How To Arm Yourself Against “Human Hacking”

We strongly recommend you continue your research by reading this article.
