Law firms are struggling with next-generation malware threats, social engineering attacks, and other forms of cybercrime that disproportionately target the legal services industry. To protect themselves against potentially catastrophic data loss or major downtime, many firms in the Tampa area have turned to cybersecurity insurance.
However, picking the right insurance plan and navigating the application process are often stressful for law firms, especially when it comes time to self-report on your cybersecurity defenses using the questionnaire the insurer provides.
Those forms are filled with technical terms, such as multi-factor authentication (MFA), end-point detection and response (EDR), and “ransomware control.” Is your firm struggling to understand the boxes that your insurance questionnaire is asking you to check? Let’s take a deeper look.
All users accessing email should be required to use what’s known as multi-factor authentication (MFA).
MFA is a multistep account login process that requires users to enter more information than just a password. After entering a password, users might be asked to enter a temporary code, answer a secret question, or scan a fingerprint. A second form of authentication is one of the most effective ways to prevent email breaches, with Microsoft finding that it can help reduce password-based attacks by up to 99%.
MFA is extremely effective in preventing ransomware attacks, as well as traditional hacks. A ransomware attack typically begins when an attacker acquires valid account credentials. With MFA enforced, a stolen password alone is not enough: the attacker lacks the additional factor required to gain access to the target account, so the attack is stopped before it reaches your systems.
It’s worth noting that not all MFA systems are built the same in terms of the practical level of protection that they offer.
In recent years, there’s been a spate of attacks specifically targeting MFA solutions, including a very high-profile breach at hardware company Cisco. In that attack, criminals flooded users with repeated requests to verify their identity on a mobile security application (in this case, Duo) until the overwhelmed user approved one out of sheer frustration, a technique often called MFA fatigue or push bombing. In other cases, hackers use fraudulent landing pages or social engineering to undermine an MFA system.
MFA should therefore be complemented by a robust cybersecurity awareness training program, but more on that topic later.
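The push-flooding pattern described above is something an MFA provider's logs can reveal: one user receiving far more push prompts in a short window than a normal login would generate, followed by an approval. The following is an added example written for this article (it is not code from the original post or from LNS Solutions) of detection logic that flags such bursts. The log format, field names and thresholds are constructed assumptions; a real provider's export will have its own schema.

```python
"""Detection logic for MFA push-fatigue ("push bombing") bursts.

Added example, not code from the original article or from LNS Solutions.
The log format below is constructed for illustration; real MFA providers
have their own schemas, so the field names and thresholds are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tuning knobs (assumed values): more than MAX_PROMPTS push prompts to one
# user inside WINDOW is treated as a burst worth alerting on.
MAX_PROMPTS = 5
WINDOW = timedelta(minutes=10)

# Constructed sample log lines: "<ISO timestamp> <user> <event>".
# alice is a normal login; bob is flooded with prompts and finally approves.
SAMPLE_LOG = """\
2024-03-01T08:01:10 alice push_sent
2024-03-01T08:01:40 alice push_approved
2024-03-01T23:14:02 bob push_sent
2024-03-01T23:14:31 bob push_sent
2024-03-01T23:15:05 bob push_sent
2024-03-01T23:15:40 bob push_sent
2024-03-01T23:16:12 bob push_sent
2024-03-01T23:16:50 bob push_sent
2024-03-01T23:17:30 bob push_approved
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, user, event) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        events.append((datetime.fromisoformat(ts), user, event))
    return events


def detect_push_bursts(events, max_prompts=MAX_PROMPTS, window=WINDOW):
    """Return alerts as (kind, user, timestamp) tuples.

    'burst' fires once when a user's prompt count inside the sliding window
    exceeds the threshold; 'approved_after_burst' fires if that user then
    approves a prompt while still in the burst state, which is the outcome
    the attacker is hoping for and the one that needs immediate follow-up.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent prompts
    in_burst = set()
    alerts = []
    for ts, user, event in sorted(events):
        if event == "push_sent":
            q = recent[user]
            q.append(ts)
            while q and ts - q[0] > window:   # drop prompts outside the window
                q.popleft()
            if len(q) > max_prompts and user not in in_burst:
                in_burst.add(user)
                alerts.append(("burst", user, ts))
        elif event == "push_approved":
            if user in in_burst:
                alerts.append(("approved_after_burst", user, ts))
            # an approval ends the prompt sequence either way
            recent[user].clear()
            in_burst.discard(user)
    return alerts


if __name__ == "__main__":
    for kind, user, ts in detect_push_bursts(parse_log(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {kind}: {user}")
```

The threshold is deliberately simple; in practice you would also correlate the prompt source (a login from a new country or device at an unusual hour) and route an `approved_after_burst` alert straight to whoever can reset the account, since that user has just granted an attacker a session.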
Endpoint detection and response (EDR) is an integrated security solution that combines real-time, continuous monitoring and data collection from your endpoints (PCs, laptops, and tablets) with rules-based automation to analyze and respond to threats.
There are 4 primary functions of an EDR security system:
Having an EDR system is something we strongly recommend for our clients in the legal services field, though it’s worth noting that there are new concepts in detection and response technology that complicate answering this question.
If you have a managed detection and response (MDR) solution—like the kind we offer here at LNS Solutions—then you have greater protection than a standard EDR, which means you can confidently answer yes to the question above. MDR solutions add the vigilant support of human personnel to weave the EDR system into a larger security plan and analyze the data.
If “Yes” to the above question, do you have the capability to automatically detonate and evaluate attachments in a sandbox to determine if they are malicious prior to delivery to the end user?
Another security tool that we strongly recommend law firms adopt is advanced email scanning, which offers protection against malicious URLs and weaponized attachments. The latest generation of email security tools is tuned to help mitigate not just phishing, but also account takeover (ATO), impersonation, and business email compromise attacks.
The second part of that statement, “malicious links,” is equally important. In recent years, hackers have become creative about the ways in which they leverage fake domains to trick people into clicking on malicious links. Lookalike domain names are one such strategy: domains registered to resemble a legitimate domain (a swapped letter, an added word, or a different top-level domain) so that a link appears safe while in fact giving hackers a way into your systems.
Are you confident that your staff is going to notice the differences above while they’re busy working?
Cybercriminals are banking on the idea that they won’t, and statistics show that they’re often right. To mitigate this problem, there are tools you can employ, but your security team should also be vigilant about identifying high-risk domains, scanning for lookalikes during regular security maintenance, and training your staff to watch out for this form of attack as they work.
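Scanning for lookalikes, as recommended above, can be partly automated: each sender domain seen in inbound mail is normalized (digit-for-letter swaps, the “rn” for “m” trick, accented or non-Latin characters) and compared to the firm’s own domains by edit distance. The following is an added example written for this article, not code from the original post or from LNS Solutions; the protected-domain list, the sample sender domains and the distance threshold are constructed assumptions.

```python
"""Lookalike-domain screening for inbound mail sender domains.

Added example, not code from the original article or from LNS Solutions.
PROTECTED_DOMAINS, the sample senders and the thresholds are constructed
assumptions chosen to illustrate the technique.
"""
import unicodedata

# Domains the firm legitimately sends and receives mail from (assumed).
PROTECTED_DOMAINS = ["examplelaw.com", "examplelaw-clients.com"]

# Character substitutions attackers commonly use to imitate a domain.
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    "@": "a", "$": "s", "|": "l", "!": "i",
})


def normalize(domain):
    """Fold a domain into a canonical form so visually similar spellings
    compare as equal: lower-case, reduce accented characters to ASCII (non-
    Latin confusables such as Cyrillic letters are dropped entirely, which
    the edit-distance check then catches), map digit/symbol substitutions,
    and collapse the 'rn' -> 'm' and 'vv' -> 'w' tricks."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = d.encode("ascii", "ignore").decode()
    d = d.translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    """Second-level label, e.g. 'examplelaw' from 'mail.examplelaw.com'.
    Simplified: assumes a one-part TLD such as .com or .net."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_domain(domain, protected=PROTECTED_DOMAINS, max_distance=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a sender domain."""
    d = domain.lower()
    if d in protected or any(d.endswith("." + p) for p in protected):
        return "legitimate"          # exact domain or a real subdomain of it
    label = normalize(registrable_label(d))
    for p in protected:
        p_label = normalize(registrable_label(p))
        # equal after normalisation: homoglyph swap or a different TLD
        if label == p_label or levenshtein(label, p_label) <= max_distance:
            return "lookalike"
        # the brand embedded in a longer label, e.g. examplelaw-secure.com
        if p_label in label:
            return "lookalike"
    return "unrelated"


def screen_senders(sender_domains):
    """Map each sender domain to its classification; feed the 'lookalike'
    entries to your blocklist review and your awareness-training material."""
    return {s: classify_domain(s) for s in sender_domains}


if __name__ == "__main__":
    # Constructed sender domains as they might appear in mail-gateway logs.
    for dom, verdict in screen_senders([
        "examplelaw.com", "mail.examplelaw.com", "exarnplelaw.com",
        "examp1elaw.com", "examplelaw.co", "examplelaw-secure.com",
        "microsoft.com",
    ]).items():
        print(f"{verdict:11} {dom}")
```

The edit-distance threshold is a trade-off: 2 catches single-character swaps and most TLD changes on a name of this length, while longer brand names can tolerate a slightly higher value. Run the same check against your firm’s name in newly registered domain feeds, not only inbound mail, so a lookalike is known before the first message arrives.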
The above are the questions that our legal services clients ask us about most often, but there are several other confusing questions that you may encounter during the cybersecurity insurance process. Here are some of the other common questions that give our legal services clients trouble:
When in doubt, the best way to shop for and purchase cyber insurance is with the help of a trusted cybersecurity partner, who can help you navigate all the ambiguity.
For decades, we’ve helped Tampa’s legal services firms take control of their IT and face cybercriminals with confidence. If you’re struggling with security concerns or the questions around your cyber insurance, contact us any time at (813) 393-1626 or info@LNSSolutions.com. We look forward to speaking with you!