Are You Careful About How You Connect To The Internet?

This FBI Warning Could Spoil Your Working Remotely At A Hotel Plan. Apparently, some workers aren't enjoying working remotely from home. Perhaps it is the constant family interruptions of young children. Whatever it is, some workers are going to hotels, and using the hotel WiFi. Most hotels are upfront about the security risk. They tout their "WiFi available" status; but, they fail to adequately secure the network. My only solid travel rule has been "never use Hotel WiFi". I have always contracted with a cell phone provider to access the Internet over an encrypted phone connection. I connect to it and bypass the free WiFi provided by the hotel. It is one thing to expose yourself to having your personal and banking information hijacked over an insecure hotel WiFi connection. It is quite another to have your confidential client information exposed. Be careful out there.

Prevent Facebook And Other App Hacking Attacks.

More than one Facebook friend has had their account hacked, and dummy accounts set up that message all their friends. This is one of the easiest hacks to prevent, and only requires the use of two factor authentication for entry to your Facebook account. While in Facebook, click the down arrow in the upper right of the screen. Click Settings and Privacy. Click Security Settings. Click Two Factor Authentication. Enter your cell phone number. Then, before a hacker can ever get into your account again, they will have to have your cell phone as well as your password. You have to get a code on your phone before you sign in to Facebook; but, you can leave Facebook connected if you have control over the physical computer you use. Sure, it is annoying to have to check your phone for a text message and code to get back in to Facebook after you log out. But, it is more annoying to find out some jerk has hacked your account because it was only secured with a password. If you aren't using two factor authentication with every site that has it available, you are like a homeowner leaving the front door to your house unlocked, who is surprised when a criminal walks in and steals something. Be safe out there.

DocuSign Can Survive Pandemics, Floods And Earthquakes.

DocuSign. As a technologist, I have always loved digital solutions to real world problems. As a lawyer, I have always appreciated tech that makes my job as a lawyer, easier. But, before the Pandemic, I considered DocuSign as a method of reducing delay in getting signatures on documents from around the country and the world. However, my eyes are now wide open, and Docusign is now my preferred way of getting things done. Remote lawyering requires the use of remote tools, and the ability to sign a legal document over the Internet is essential to such a practice. These days I really can practice law from my den at home. I can communicate with anyone in the world face to face using Zoom. I can send any document anywhere in the world, and it returns with a legally enforceable digital signature in the blink of an eye. Cool.

Do The Google Two Step - Your Computer Security Depends On It.

Don't Become A Victim Of Cybertheft. Yes, grasshopper, it's that time again. I am here to remind you to set up two step authentication on your Google account. And, any other account for which it is available. This article shows you how. Read it. The article postulates that the reasons you haven't done it yet are apathy and ignorance. If you read my security posts, you can no longer claim to be ignorant. Do the math. Secure your Google account. You may be glad you did. Lecture over. Be careful out there.

 

If It's Wednesday, It Must Be Data Security Day.

Call it Hump Day. Call It Wednesday. Call it just another day. Every day in an Internet world needs to be Data Security Day. Every law firm, big and small, needs to spend time on keeping client secrets and firm data secure. There is evil in the world. There are scammers looking for anything they can to steal your data. The most common breaches take advantage of our natural human impulse to be trusting. Call it social manipulation or whatever. If you aren't educating your law firm employees about it, you are leaving the front door of your house open for anyone to come in. I got this email this morning from Securityhq.com, and it lists the top ten things you should be doing, and should be making certain your employees are doing. Read, grasshopper. Your professional life and reputation may depend on it.

10 Top Tips to Detect Phishing Scams

Everyone is susceptible to a phishing attack. Often, phishing emails are well crafted and take a trained eye to spot the genuine from the fake.

There are, however, ways to make yourself less of a target. Keep in mind our ten top tips to stay safe online.

1. Name of sender can trick you.

Email addresses and domain names can be easily spoofed. It is, therefore, crucial that you check the domain name for spelling alterations on suspicious emails. Even if they appear to have come from a trusted sender, always double check.

2. Check for typos.

Attackers are often less concerned about being grammatically correct. Which means that typos and spelling errors are often evident in messages. Such errors in an email could be a good indication that the message is not genuine.

3. Do not share sensitive information hastily.

Any email that asks for sensitive information about you or your company is suspicious. For instance, no bank will ever ask for personal information over an email. Directly call your bank to ascertain if an email is genuine or not.

4. Don’t fall for URGENCY!

Phishing attacks use scare tactics such as urgency and authority to trick victims into taking immediate action. Emails that ask to share personal information or to make cash transactions are… ‘phishy’. 

Read KrebsonSecurity article here, to learn about a specific Apple iPhone attack via a simple text message.

5. Hover but don’t click.

Hover over URLs. If the alt text does not match the display text, or if it seems strange, DO NOT click on it.

6. Attachments can be dangerous.

Hover over attachments to check for an actual link before you click on it or download it. But, if you are still unsure of the sender, do not click on the link.

7. Is it too good to be true?

If it sounds too good to be true, chances are it is! Phishing attacks use fake rewards to tempt victims to take action. You wouldn’t win a lottery if you never participated.

8. Keep your devices up to date.

Devices, and the applications on them, are more susceptible to attacks when systems are not updated. Read our blog here for a specific example on an Office 365 account compromise. Maintain your antivirus and regularly check for updates.

9. Regularly check your accounts.

Check your accounts regularly to ensure that no changes have been made without your knowledge. Staying on top of your accounts, and knowing what data is held in each, will make spotting a phishing attack easier.

10. When in Doubt, Call out.

See something. Tell someone. Call the person or department responsible for data security in your firm.

Before The Internet, Nobody Knew You Were A Dog.

Been Hacked On Facebook? This Is Why.

Do You Know Where You Are Logged In?

I am always hearing from friends who have been hacked on Facebook or other social media sites. This can be annoying, embarrassing and dangerous. Often, they haven't taken precautions; the best of which is two factor authentication. Facebook provides a security check that anyone can perform that will help. One of the most useful is the ability to see who is logged in to your account and where they are. If you see a log in that isn't you, you can disable it. Take the test. Be safe out there.

#WhyIAmASolo. Lawyer...Represent Thyself.

Ransomware-how-clicking-on-one-phishing-email-left-a-whole-business-in-big-troubleDo you know what your BigLaw employees are doing at their desks? Do you know what emails they are opening, and what attachments they are viewing? Of course not. This is a cautionary tale about one employee at one company who opened a phishing email, and almost brought down the entire company. This could happen to your law firm. This could even happen to the FutureLawyer; but, since I am the only one here, I have a pretty good idea what is being clicked. If I ever got zapped with a phishing or ransomware attack, I have no one to blame but myself.

Google Chat, Meet, GMail Receive Enterprise Grade Security Tools

Google Chat, Meet, GMail Acquire New Security Tools. Google has the best software engineers in the world. GSuite, the paid version of their enterprise class products (Relax, it's cheap at $5 a month), has always provided better stability and security than the free consumer versions. Now, however, Google will protect users from forgers, spammers, and rabble-rousers looking to disrupt their communications. A BIMI badge or logo will be contained in messages from trusted domains. So spammers, and fraudsters won't be able to fake communications. In addition, new security controls will prevent hackers from gaining access to Google Meet chat rooms and video rooms. While there is no such thing as 100% security on the Internet, the Googleverse will be a much safter place to be.

GMail Problems? Or, Is It Us?

Spam Filter Broken In GMail? Whatever happened to personal responsibility? This piece in Forbes asserts that the sky is falling because many users have been getting spam and other bad emails in their In Box. I can remember when we didn't rely on far away computer algorithms to protect us from emails that we shouldn't be opening. Spam filters are certainly convenient. They separate a lot of chaff from the wheat when I am checking email. But, they aren't perfect, and I still need to look at the spam emails to determine if they contain a false positive. In addition, every user of email, Gmail or otherwise, should look critically at emails before opening links in them. Is this the apocalypse that the Terminator movie franchise predicted? Are we becoming so reliant upon our machines that we have lost the ability to think for ourselves? Use your brain. Make judgments about your In Box without the intervention of a search engine. Jeez.