Do Process! August 2023
Greetings All!
It is hard to believe that summer is winding down. I hope everyone has had time to vacation and visit with family and friends! Here, it continues to be a record-breaking year: our staff is growing, and our team is now serving throughout the country.
Recently we received a call from a client asking if we had reached out to a relative through an unlisted number asking to serve paperwork. The whole thing sounded off, so I called around and checked. Turns out the BBB has also confirmed that there is a new phishing scheme to get private information using the guise of a process server calling to schedule a delivery/service.
When something seems off, trust your gut. I figured it was time to revisit cybersecurity this month with an article by the BBB and legal journalist, Senta Johnson.
As always, we are here to help! Please reach out and use this as a networking forum or if we can be of any service.
Have a great day!
Blair
President
Process Service PA LLC
Cybersecurity and the Legal Industry
By Senta Johnson
These days, cybersecurity is the legal industry’s worst enemy. Likewise, due to their abundance of sensitive information, legal practices appear to be a prime target for cyber attackers. Law firms face a variety of cybersecurity risks, such as ransomware attacks and phishing scams, that could compromise the private information of their clients, harm their reputations, and result in significant financial losses.
And yet, according to the ABA’s 2022 Legal Technology Survey Report, more than half of firms do not have an incident response plan, and a full quarter of firms have not yet adopted a cybersecurity awareness or training program. Naturally, the virtual world becomes riskier as technology develops. We are here to assist you in making the best preparations for ethical cybersecurity breaches.
Beware of Public Wi-Fi and Charging Ports
With the ability to work virtually recently increasing, it’s not uncommon for a lawyer to choose their local coffee shop or an airport terminal as their office for the day. All we ask is that you stay away from public internet networks and charging ports.
Malicious actors can create their own Wi-Fi hotspots and give them enticing names, such as a “Free Starbucks Wi-Fi” network close to a Starbucks, or they can hack into unsecured public networks. A malicious Wi-Fi network can steal your passwords and pose as your bank or email provider, among other things. It’s best to stay away from public Wi-Fi altogether, but if you must use it, use a reliable VPN that you have researched thoroughly.
The FBI recently warned of the newer term, “juice jacking,” where public USB ports can introduce malware and other monitoring software onto devices. As soon as you plug in your device, it is susceptible to data transfer. Instead, invest in that $20 battery pack for your phones, laptops, and other devices.
Let’s Talk Passwords
Each law firm uses a number of online accounts (Dropbox, Docusign, email, etc.) and likely shares passwords throughout the office staff. However, many continue to rely on the same passwords for several accounts. If one set of credentials is stolen, attackers may be able to use it to access other accounts and private data.
Some easy fixes include setting reminders to frequently change your passwords and letting your computer pick the password. Most likely, the computer will arrange a unique combination of letters, numbers, and symbols for the best level of security. It also would not hurt to use password managers like LastPass and 1Password. These minor adjustments have the ability to protect your business from potential million-dollar scams.
Legal Payment Software
We aren’t using business checks as much anymore. The majority of financial transactions today are wired, which increases their vulnerability to hackers and scammers. A free or inexpensive way to prevent unauthorized access to data is through encryption.
We strongly advise using a program like LawPay, which was created specifically for law firms and provides several security advantages like end-to-end encryption, two-factor authentication, and PCI-DSS compliance.
Data Recovery & Ransomware
Having the ability to restore data is crucial now more than ever as ransomware attacks grow exponentially. Even though it’s preferable to prevent a ransomware attack in the first place, having reliable backups is essential. The “How Does Your Firm Back Up Its Computer Files?” question, asked in the ABA 2022 Survey, resulted in the largest share of businesses (29%) claiming they use an online backup service like Mozy, Carbonite, etc. Offsite (i.e., storing backups at home, the bank, or another office) came in second with 24% of the vote, followed by external hard drives (21%). Some businesses are still using antiquated backup methods like tape and optical discs. This is a scary percentage of firms not utilizing cloud services…
Without proper data storage, all of the firm’s information can be considered “up for grabs.” Information ransom, or ransomware, is a serious cybersecurity risk for law firms. Information that is sensitive and confidential may be lost if ransomware encrypts the data of a law firm. Furthermore, payment may be demanded in exchange for the decryption key. Paying the ransom does not ensure that the data will be returned, and it might even encourage additional attacks. Law firms should put in place a number of security measures, such as frequent data backups, employee training, network segmentation, and up-to-date antivirus software, to guard against ransomware.
Process Service Phishing
This year, the Better Business Bureau (BBB) warned consumers about an identity theft scam in which thieves pose as process servers in order to steal personal data. A call or email asking for confirmation of personal information could be the beginning. Our first guideline is to refrain from providing the con artist with any additional personal information. Check the website of your local court for the case they are attempting to reference before you respond. If their practice or the case does not appear online, it does not exist. Training sessions can teach your employees to detect threats, and phishing detection tools can add another level of protection against scam emails.
At the end of the day, it’s easier and cheaper to implement these protocols than to fix a cyber attack. Lawyers must continually evaluate the security of their offices and adapt to new threats and techniques. An attitude of “set it and forget it” won’t help businesses survive. When it comes to cybersecurity, all law firms would do well to remember Benjamin Franklin’s adage that “failing to prepare is preparing to fail.”
BBB Scam Alert: This phishing scam claims a process server is looking for you
Many scams start with an intimidating phone call. A “debt collector” needs you to pay immediately. Or a “police officer” claims to have a warrant for your arrest. The latest variation involves a phony process server and a non-existent court case against you. BBB Scam Tracker has gotten numerous reports of this new twist. Here’s how to spot it.
How the scam works
You receive a call from an unknown or blocked number from a person claiming to be a process server. They might say there is a lien on your home or someone is taking you to court over unpaid medical bills. In other cases, the scammer may be secretive, saying they can’t reveal details until your papers are served.
Next, they’ll ask you to “confirm” sensitive personal information, such as your date of birth and Social Security number. When you’re hesitant to give out this information, they stress the urgency of the matter – after all, you’re being taken to court! If you ask too many questions about who is making a complaint or what company the process server works for, the scammer will get angry.
Sometimes, the “process server” may be phishing for information about your family members. According to one target, “I received a call from some lady who… stated that my phone number was provided to them by my mother, and they wanted me to verify her Social Security number and date of birth. I refused and asked her what the phone call was about. She stated that there was a lawsuit pending against my mother, but she declined to state who the complainant was and said there would be a process server coming through to serve papers. They refused to provide my mother with any information regarding a lawsuit against her. We waited for a process server, and of course, none showed up.”
The people behind this scam don’t have any legal papers to deliver; they want to get their hands on your personal information to commit identity theft.
How to avoid phishing scams
- Be wary of scare tactics. Scammers love to threaten people with legal action or hefty fines, scaring them into giving up their personal information. They hope fear will make you act without thinking. Always remember representatives of a reputable business or legal office will be polite and civil, even in a serious situation. They won’t pressure you to act immediately “or else.”
- Search your local court website. If you think there’s a chance someone has filed a lawsuit against you, check your local court’s website. Search your name to see if any lawsuit has been filed. If nothing comes up, you’re in the clear.
- The scammer may have some personal information. Don’t give them more. Scammers may have some of your personal information already from a previous phishing scam, a data breach, or some other source. They may use these stolen details to get even more information from you. For example, they might read your Social Security number and then ask you to “confirm” your date of birth. Even if someone already has a few details, don’t give them any further information unless you are sure you’re dealing with someone you trust.