In any organization at least one person—and probably more—will click any email link, and sometimes that opens a door for hackers to get to senior management data.
The issue was discussed by two cyberintelligence experts at a Thursday ABA Techshow panel, titled “A Fool and His Data Are Easily Parted: Fundamentals of Data Protection.”
“Last year was the year of law firm hacks. Law firms are soft targets,” said Andrew Tannenbaum, IBM’s chief cybersecurity counsel. “This is the world we’re living in.”
Free Wi-Fi; devices that look like SD cards, but actually tap into secure data, and passwords with meanings can all lead to getting hacked, said Roy Zur, another presenter at the conference.
And if you receive an email that states you need to change a password, don’t do it through the communication, added Zur, a former Israel Defense Forces officer who founded Cybint Solutions, which advises law firms on Internet issues. Instead, visit the website seeking the password change, said Zur, who also works as the Israel national director for the test prep group BARBRI Bar Review.
“Easy hacking methods are not something that require any previous knowledge. They don’t need to be tech savvy to do it,” said Zur, mentioning the website Shodan. A search engine for Internet-connected devices, it can be used to hack into businesses’ security cameras.
“Cameras are connected to Wi-Fi. People think it’s protected, because there’s a Wi-Fi password, but the camera is also connected to the Internet, and most cameras come with some sort of default password,” he added. “I’d say 50 percent of these security cameras are using default passwords. And you’re not just accessing the camera; you can also access the alarm system.”
Indeed, anything connected to the Internet can be hacked. Tennenbaum mentioned CryptoLocker, a ransomware trojan that targets computers running Microsoft Windows. Traditionally, ransomware goes after people’s data, he said, but increasingly hackers use it to shut down things, like key card scanners. Some resort to paying hackers, usually in Bitcoin, to have their data released.
“Of course you never want to be in a position of having to pay,”he said. “The FBI says it’s better if you don’t pay. And the more people pay, the more it can be an effective tool.”