Beware – law firms are often targets of email hackers and they could be reading your emails right now!

In one case, a firm’s email system was compromised and a hacker was reading their emails. The firm didn’t become aware until the hacker demanded a ransom. While no ransom was paid, other firms or their clients may not be as lucky.

In another example, a hacker advised a client of a change to the lawyer’s banking instructions and directed the client to send funds to a new account or do an e-transfer. The client did so, believing the hacker was the lawyer.

The typical entry point for the hacker is when someone in the firm opens an attachment from a spam email that installs a code which enables the hacker to access that account. The hacker can then communicate with clients. Communication often occurs when the client has to send significant funds to the lawyer.

Hackers are sophisticated and can add protocols to an email account which prevent you from seeing correspondence coming to and from your account. Sometimes the hacker creates an alternative inbox hidden from plain view, and your client will have what appear to be emails from you, but you will have no record of sending them.

To avoid becoming a victim of one of these scenarios, please follow these loss prevention tips:

• Hire a cyber security consultant to review your systems;
• Check your software updates regularly and ensure they are updated to the most recent version;
• Learn and regularly review your programs and know how to check for rules and generate security reports;
• Make sure your email program is set to the highest security level and enable multi factor authentication;
• Review email protocols with everyone in your firm, including not opening attachments from spam emails and recognizing spam;
• Do not send unsecured documents through email as attachments; use a program with a password or utilize a client portal in your client management program; and
• Avoid using free Wi-Fi from coffee shops and other places of business.