ICYMI: Four BC firms hit as cybercriminals ramp up attacks

September 27, 2024

Read our recent Notice to Lawyers to learn more about the two ransomware attacks and two funds transfer frauds that hit BC firms.

What can you do? Awareness, vigilance and training are key to cyber security. Here’s a summary of the key points from our Notice to Lawyers:

  1. Awareness and training: Educate yourself and your staff about preventing and detecting cyber fraud. Ensure all staff read the Notices we send out.
  2. Funds transfer verification: Implement a robust verification process. Never use the contact information provided in the instructing email (or confirming letter), and use our checklist. If you are not personally making the phone call to verify instructions, review a completed checklist on every payment before the funds leave your account.
  3. Avoid email verification: Do not rely on email communication to complete the secondary verification because — as we have seen — the email purportedly from your assistant confirming that verification has been completed may actually come from the fraudster.
  4. Network security: Make your computer network as secure as you can. Ask your IT professional about security, including:
    • Regular vulnerability testing — Have your IT professional test your network’s security.
    • Coalition Control — Use this program to actively monitor your risks.
    • Multi-factor authentication — Use two forms of authentication to protect access.
    • Routine backups — Regularly back up data to a secure, separate location.
    • Email security — Consider measures such as SPF, DKIM, DMARC and anti-phishing solutions to protect against email-based attacks.
    • Password management — Create strong, unique passwords for each account, change them regularly and use a password manager.
  5. Insurance: Ensure that your firm has network security and privacy liability insurance, either through Coalition or on your own (or a combination of both). In addition to the financial benefit insurance provides, the specialized guidance from the insurer in the immediate aftermath of a security or privacy breach can be invaluable because the experience can be terrifying.