This scam is so prevalent right now, which is just one of the reasons why I think it’s so important to raise awareness of it. First and foremost, this is almost certainly a scam. There are only a small handful of ways it could be an actual threat, which we will discuss a bit later here. Regardless, we know as lawyers the way to sue someone is not through a filtered email.

Nonetheless, it's a terrifying email to receive. 

We don’t want to make light of the fact that the licenses, privacy, and usage rights incorporated into the materials you use do matter. It is incumbent on each of us to know we have the legal right to use what we put on our print and integrated digital media collateral. If you don’t know, that is the first step here. You need to be absolutely sure that you own your content or have a right to use it in the format that you choose to use it in.

Let’s dive in and address three key things you need to know right now as it relates to this scam.

1. You cannot use images you don’t own. To follow up on the above statement, take a minute this weekend to read the terms and conditions surrounding the images you use. What does the license say? Do you have the absolute right to use them how you see fit? If not, what are the limitations?

Further, are you working with a marketing company? It is time to ask it important questions. What does your contract say with the marketing agency? If this claim proves to be true, where is the blame? Is it on you? The agency? Does the agency have a plan to address issues like this? You need to know where you stand. 

2. You need to know the terms and conditions surrounding the images that you use. Contrary to popular belief, you can’t just download something from the internet. Just because something exists on Google or Yahoo or Facebook or Bing, does not mean you have the right to use it. Do you have a public license? Do you have a business license? For print, do you have a redistribution license, and for how many publications?

3. You need to stop responding to email that is going to subject you to ransomware or another cyberattack. When you read this email, concerning as it is to receive, you probably knew deep down it was a scam. What did you do next, though? Did you react? Did you respond? Did you contact the person? Or did you report it to the authorities? The latter is the only step to take here. If you need to know who to report it to, just ask us. The main players are the FBI Cybercrimes Division, your state’s Attorney General’s Office, and the Better Business Bureau.

This is just the first part of this conversation. We plan to send out an email next week too with our ABCs of Cyber Security, as it seems a very appropriate time for a cyber refresher. We are also putting together an updated Cyber Threats Webinar and will let you know the date and time. Stay tuned!

Here at Practice42, we can help to tailor your materials and processes to best suit your needs.  Let us help! We encourage you to call us at 850-933-5072 to schedule a free Strategy Session with our team to find out more about what we can do for you.

Do you know your ABCs? Not the ones you learned in grade school, but the ones surrounding cybersecurity that can protect your practice. Ready to relearn them? Let’s begin!

Always read, learn, and understand what is required of you in your cybersecurity insurance policy. Many lawyers today still do not read the fine print when it comes to legal insurance policies. Do not forget to read the fine print of your cybersecurity insurance policy to learn what you need to do to ensure it works.

Bar rules related to cybersecurity and cyber ethics matter. Know your bar rules.

Cybersecurity defined: “Cybersecurity is the measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.” (Merriam-Webster)

Data ethics and your firm. Train your team to understand data ethics. The information you hold is a person, and how would they want their mother treated? Further, data collection policies should reflect the data you actually need, not what you don’t. Consider all data you collect subject to vulnerability and at risk of being stolen. Do you still want it?

Email is always a risk. Create team trainings to help your team understand what the risks are and teach them how to protect the firm. If you need help, hire a professional for the trainings.

Fire drills can help! Do not wait for a problem to know your setup works. Act as if there has been an attack on your practice and bring in your team and your IT professional to learn where the vulnerabilities are.

Get the help you need. We are lawyers. This is not easy. Hire a paid professional, learn what you need to protect yourself, and stay vigilant.

Hire the help you need. Whether it is an employee, a contractor, or a company you want to outsource to, identify and hire who you need in your practice. Do not wait for a crisis to happen.

Install backup and redundant servers and file protections. Test them. Make sure they work.

Just do it. This is an overused phrase, I know. But many of us need that additional push out the door to make a difference in our practices; consider this yours.

Keep an eye out for weird things. Slow computers, zombie computers, misspelled words, unusual file extensions, talking computers… If you start to see any of these, call your IT professional.

Logins, passwords, and access codes are vulnerabilities. Protect them the best you can. Follow industry best practices, such as passwords built from a sentence (passphrases) or a password management company, to best protect your access to important information.

Maintain a strong relationship with a local IT professional. Period.

Never leave devices unattended, unsupervised, or without password protection. Threats and breaches occur even in the safest ecosystem. Do not open the door to potentially dangerous activity. Have a cleaning staff in your building? Lock down your devices at night. Meeting with clients in a conference room? Lock down your devices before you leave the room.

Opening attachments should always be an action of LAST RESORT. Find a different way to share data. Train your employees and yourself to never open attachments. That is one of the easiest ways for a cybercriminal to attack you.

Partner with your clients. Cybersecurity breaches are not a matter of IF, they are a matter of WHEN. Tell your clients of the risk. Explain it to them. Ask them to acknowledge it and agree to it. The ones who want to work with you will work with you regardless. 

Quietness is not a virtue when it comes to cybercrimes. If you see something, say something. If you even barely suspect something, speak up and get help.

Read, read, read. Read, learn, and understand what is required of you in your cybersecurity insurance policy. Many lawyers today still do not read the fine print when it comes to legal insurance policies. Do not forget to read the fine print of your cybersecurity insurance policy to learn what you need to do to ensure it works.

Safeguard protected and private data. Take measures to protect the data you use in your law firm. You have some of the most vital data for each of your clients. Be careful to protect it thoroughly.

Train your team. As with every area of your practice, your team will not know how to best protect you and cannot be its most productive if you do not train them. Make the commitment.

Up-to-date software is a MUST HAVE. Only get your updates from trusted sources.

VPNs are your best friend. You need a VPN on all your devices. It is an easy layer of security to add. This is especially important if you work on a device that may not be in your ecosystem, such as on unsecured hotel Wi-Fi at conferences. Wi-Fi networks should never be unsecured. It may be “just general lobby Wi-Fi” but there is no such thing. Access to your Wi-Fi is access to your Wi-Fi, no matter what label you put on it.

Xenolalia may seem farther away than it actually is. The more you train yourself on the tech you need the more natural it will become for you, and you will find yourself speaking the foreign language of technology before you know it.

You. This all starts with you. You could make the commitment to do whatever you need to do to succeed in this area, or not. It is up to you. It is your practice.

Zero regrets. When you are the victim of a cyber attack, that is where you want to be. Do not waste time. Get started. Learn what you need to do. Get help. Choose to give smart answers to tough questions. After all, it is your practice; protect it.

We understand that you may have questions, serious questions, when it comes to cyber security, employment practices related to cyber security, and how to best protect yourself, your practice, and your clients. We are here to help. We build successful law practices nationwide. Do not wait to schedule a free 30-minute strategy session so we can discuss how to best support you in your practice.

When it comes to the engagement agreement in your law practice, you’ve probably thought of just about everything. From billing practices and administrative expenses to office practices and describing your services, you have it all. When it comes to hacking, cybercrimes, and security breaches, however, have you addressed them in full detail too?

At any time, any of our firms could be attacked. Each of us could suffer significant losses to data, client files, and confidential information despite our best efforts and preparedness. Now is the time to think about how you manage client information, the security practices you follow daily, and what your message on your security practices is to your clients and professional relationships. There is no sign of cyber crimes decreasing in the near future, and to best protect your firm, you need to consider adding a clause in your fee or engagement agreement related to security.

What should be included in your engagement agreement? Check out our five best practice ideas below.

1. Clarify, in writing, nothing is 100% secure.

It’s true. Even though you want to be able to promise absolute privacy and security, none of us can. Let your clients know you will do the best you can to maintain security, including, but not limited to, adhering to industry standards for your business, installing security updates, and utilizing the software you need to protect your practice.

2. Share your office policy and procedures.

Let your clients know each of your employees is trained on how to recognize cyber threats and that all of you are working as a team to best protect their information. Mention your email, attachment, and digital transactional policies, although you do not need to go into great detail. (Quick practice management pointer here: make sure you do have a training program for your employees on cyber security).

3. Accepting the assumption of risk.

There is a risk involved in any digital transactions and in working with any business today. Your client assumes this risk by working with you. Now is the time to get him or her to affirmatively decide to move forward.

4. Identify what your client can do to limit the risk.

During a hack, information may go out to a third party from you without your knowledge. Communication is key here. Let your clients know your standard communication policies and ask for their help. If they see something from you that raises suspicion, ask them to notify you immediately over the phone or in person.

5. Hold Harmless Clauses.

If it is allowed in your state under the bar rules, this is the time to consider including a hold harmless provision relating to threats, breaches, loss of privacy, and loss of financial information. This can include instances where personal and financial client information is stolen. Be sure to read your malpractice or cyber terrorism insurance policies as well because, by policy standards, these clauses may be required for them to be in force.

Curious about what this clause looks like? Need an example? Just contact us to let us know and we’ll be happy to share sample language with you.
