Is your law firm as secure as it could be?

Research shows that most law firms are confident about their cybersecurity — but are they really as safe as they believe?

Cybersecurity and Your Law Firm

The legal sector is facing truly challenging opponents outside of the courtroom – cyber criminals.

The stakes have never been higher.

These rising threats are why cybersecurity is becoming a more common topic of discussion in the legal industry. And while surveys have shown that 80% of legal organizations consider their cybersecurity to be sufficient, that may not be the case.

“[…] cybersecurity practices at law firms are generally not very strong,” says Eli Wald, author of Legal Ethics’ Next Frontier. “[…] lawyers in general tend to delegate cybersecurity concerns and responsibility for infrastructure to others, usually the IT group, and so they may not know how vulnerable they are.”

Why Are Law Firms Targets For Cybercriminals?

The short answer is that law firms store lots of private data about their clients. “Law firms present a tempting target for cyber crime,” says Jason Rorie, CEO of MSP Overwatch. “Their servers hold incredibly valuable personal information.”

“Cybercriminals tend to focus on targets that are rich in personal or financial data,” adds Rorie. “They gain access to the data through ransomware or a breach, then sell it on the Dark Web to other criminals who use it in a number of ways.”

Stolen private data is used for everything from voter fraud to opening credit accounts. This activity often happens months after the initial theft of the data.

How Are Legal Firms Addressing Cybersecurity?

Recently, a third of in-house counsel respondents in “The State of Cybersecurity Report: an in-house perspective” reported that they had experienced a data breach. Cybercrime is only expected to grow from here, with the occurrence rate of data breaches estimated to increase by 22.5% each year up to 2023. According to a recent study by the American Bar Association (ABA):

  • 75% of firms are using some anti-virus software.
  • 58% of responding firms are using a firewall or anti-phishing software.
  • 33% of firms are using email encryption software.
  • 25% are using device encryption software.
  • 17% of law firms have some directory security in place.
  • 25% of firms train their staff on cybersecurity best practices.

5 Ways to Improve Your Cybersecurity Posture

1. Two-Factor Authentication

Two-Factor Authentication is the current standard for adding an extra layer of protection to existing system and account logins. 45% of polled businesses began using 2FA in 2018, compared to 25% the year prior. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards. Complete security usually demands multiple authentication methods: something you know (like a password), something you have (like your phone for 2FA), and something you are (like a fingerprint or other biometric).

2. Data Encryption

Encryption transforms data using a key so that, whether stored or transmitted, it is meaningless if intercepted. It is one of the most efficient ways to secure a database, given that decryption can only take place with the correct key.

3. Access Monitoring

In addition to encryption, the client data you store should be protected from unauthorized access:

  • Firewall. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
  • Intrusion Detection. One of the only surefire ways to protect your network and data is to actively watch over it. A Security Operations Center (SOC) can monitor your network traffic around the clock and respond to any intrusion attempts in real time.

4. Password Hygiene

  • Length and Complexity. The easier it is for you to remember a password, the easier it’ll be for a hacker to crack.
  • Personal Information. Password recovery systems use personal details to verify a user’s identity – unfortunately, with widespread use of social media, it’s not difficult for hackers to research a target through Facebook to determine when they were born, information about their family, personal interests, etc.
  • Numbers, Case, and Symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
  • Avoid Patterns and Sequences. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.

5. Avoid Dangerous Emails

Always exercise caution when it comes to clicking on a link or downloading an attachment. Be careful even if the email seems to be coming from a known source or even from within your organization as email addresses are often spoofed:

  • Be wary of links and attachments in email messages. They may contain malware that can infect your computer.
  • Confirm the real sender of the message. The company name in the “From” field should match the address. Also, watch for addresses that contain typographical errors or lookalike domains like “janedoe@microsofthelp.com”.
  • Hover over the URL in the email to view the full address. If you don’t recognize it, or if all the URLs in the email are the same, phishing is likely.

Cybersecurity is as complex as it is essential. Most law firms don’t have the resources (or the desire) to handle everything on their own. A knowledgeable IT services company can make all the difference. An IT provider with a proven track record of cybersecurity success can help you develop a cybersecurity plan capable of defending your law firm and your clients against hackers.

For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.

6 Things Your Insurance Agency Can Count On With mPowered IT

Get the mPowered IT Experience for Your Insurance Agency

We’re better equipped to support your insurance agency’s IT needs because we already know your systems (most MSPs do not). We understand the agency workflows, agency management, and document management systems you count on to run your insurance agency. Why waste time getting a Managed Services Provider up to speed, when you can have mPowered IT who already has the expertise?

Six things your insurance agency can absolutely count on with mPowered IT

1. INSURANCE AGENCY KNOWLEDGE of software and systems
2. PROACTIVE MONITORING 24 / 7 / 365 to prevent problems – We provide true proactive monitoring, constantly checking over 2,000 service points in your insurance agency’s network. When we see an alert, even if it’s in the middle of the night, we address it right away. So when the business day starts, everything is functioning. Your employees can get right to work without even knowing there was an issue.
3. RESPONSE IN 15 MINUTES OR LESS to every service request – We believe a help desk should be easy for any employee to use. We hire only American IT engineers, who know how to explain things in simple terms, and want to help you solve the problem. One of our core values is providing our customers with an excellent experience with every call. Think of our help desk as a frustration-free zone!
4. FIXED RIGHT THE FIRST TIME so you don’t have the same issue again 
5. FAIR & PREDICTABLE PRICING with no ugly surprises
6. THE BEST IT EXPERIENCE or we will find you another provider – We work as a key member of your management team, guiding you on technology decisions that are in the best interest of your unique business. We don’t have an incentive to sell you on any system or technology – we are not in business to sell technology. We’re free to advise on the technologies that will keep your costs aligned with your agency’s needs and budget.

To learn more, book a free, zero obligation custom consultation with the CEO of mPowered IT. You can also give us a call at 678-389-6200.

What is DaaS?

The world of cloud computing seems to be a bottomless well of new and exciting acronyms. You may have heard of SaaS, PaaS, and IaaS — but here is one you might not be as familiar with, Desktop-as-a-Service or DaaS.

Desktop as a Service (DaaS) is a cloud computing offering where a cloud service provider like mPowered IT delivers virtual desktops to end users over the Internet, licensed with a per-user subscription.

So, what are the advantages of Desktop as a Service?

Desktop as a Service offers some clear advantages over a traditional desktop model. Deploying or decommissioning active end users with DaaS is much faster and less expensive.

  1. Faster deployment and decommissioning of active end users: The desktop is already configured; it just needs to be connected to a new device. For seasonal businesses that see consistent spikes and drops in demand or employees, DaaS can save a lot of time and money.
  2. Cost savings: Because the devices that run DaaS require much less computing power than a traditional desktop machine or laptop, they are less expensive and use less power.
  3. Increased device flexibility: DaaS runs on a variety of operating systems and device types, which supports the trend of users bringing their own devices into the office and shifts the burden of supporting the desktop on all of those devices to the cloud service provider.
  4. Enhanced security: Because the data is stored in the data center with DaaS, security risks are considerably lower. If a laptop or mobile device is stolen, it can simply be disconnected from the service. Since none of the DaaS data lives on that stolen device, the risk of a thief accessing sensitive data is lower. Security patches and updates are also easier to install in a DaaS environment because all of the desktops can be updated simultaneously from a remote location.

The benefits of DaaS include simplified management, increased flexibility, and lower cost of ownership compared to traditional models. Businesses that aim to offer remote work options and personal device flexibility can use DaaS to quickly and easily create a digital workspace. Users may log in to their virtual desktop from anywhere, via many different kinds of devices, and their desktop will look exactly the same as when they last visited from a different location. All they need is an internet connection. Since the data lives in a centralized, remote location, it can be constantly backed up – no need for users to manage back-ups on their own or worry about data existing on a computer at the office but not at home.

To learn more, book a free, zero obligation custom consultation with the CEO of mPowered IT. You can also give us a call at 678-389-6200.

Penetration Testing Methodology

Our industry leading penetration tests (sometimes called “ethical hacking”) are standards-based. They are closely tied to the fundamentals found in the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES) and the Open Web Application Security Project (OWASP) Penetration Testing Guide.

The open method associated with OSSTMM builds on a foundation of truth, diminishing commercial gain and political agendas. PTES is an endeavor by a group of information security practitioners to develop a common language and scope for performing penetration testing. The core purpose of OWASP is to “be the thriving global community that drives visibility and evolution in the safety and security of the world’s software”. By combining the spirit of these three methodologies, we create a formidable program of work to serve you. You can rely on our penetration testing services to be thorough and comprehensive. Real people, real skill, real experience. Not simply a scan and generic report.

Our goal is to identify areas of risk that impact the security of your information. We provide a remediation plan tailored specifically to your organization’s needs for security and compliance. We often learn from new clients’ past experiences that plans were recommended, but execution was never a part of the plan. Why plan if you’re not going to execute?

Components of Penetration Testing

Our penetration tests are specifically tailored to your organization’s needs and requirements. Our penetration tests can be comprehensive and include social engineering exercises, web application assessments, and a review of your key firewall rule base and configuration. Our team of experienced enterprise consultants and cyber security analysts can quickly help you identify a penetration test plan that is right for your organization, based on any compliance requirements you must adhere to as well as the sensitivity of the data you process, store and transmit.

  • Passive reconnaissance (Domain Squatting, Email and File Enumeration, etc.)
  • Vulnerability Assessment
  • Penetration Testing
  • Web Applications Assessment
  • Mobile Application Assessment
  • Social Engineering (Phishing, Baiting, Pretexting)
  • Physical Security Review
  • Firewall and Router Configuration Review
  • Wireless Security Assessment
  • Incident Response Threat Identification Training

Detailed & Actionable Penetration Test Reports 

Every penetration test is accompanied by a formal report, which is designed not only to provide a high-level overview of the engagement for upper management and C-Level staff, but also to include the detailed findings, along with key recommendations, that can assist those with remediation responsibilities. Our world-class penetration testing security engineers are battle-tested on the front lines every day. We deliver comprehensive security intelligence that lowers risk, prioritizes solutions, and minimizes business disruptions. Whether testing for security vulnerabilities or exploiting them, our teams have the expertise, ingenuity, and integrity to uphold your trust and put your mind at ease.

DELIVERABLES

  • Formal Report (Our Flagship Report)
  • Snapshot Report (Report Supplement)
  • Vulnerabilities by Severity Report (Report Supplement)
  • Vulnerabilities by Host Report (Report Supplement)
  • Ports and Protocols Report (Report Supplement)
  • Custom reports available on a case by case need and special request

We will discuss your report to make sure you understand the findings and recommended actions.

Are you interested in learning more on how an MSP could help your organization stay safe? Give us a call at 678-389-6200, schedule a 30 minute call or visit mPoweredIT.com.

Penetration Testing (Ethical Hacking)

We understand compliance – In many cases the penetration test (“ethical hacking”) is part of compliance with PCI, HIPAA, and various other regulatory compliance frameworks. In addition to probing general network and server vulnerabilities, we can assess specific IT targets or flags, such as firewalls, wireless networks, and web applications, or areas and assets containing sensitive data.

Employee Security Assessments

A major contributor to a security breach is human error. We will help you identify and validate your employees’ ability to follow documented policies, procedures and security best practices to reduce or eliminate inadvertent errors that could expose your data.

Compliance Expertise

If you are in an industry that requires compliance to exacting standards, such as healthcare, retail, finance, or government, you need the expertise to ensure your IT systems do not create a compliance issue with HIPAA, PCI-DSS, NIST, etc. Penalties for non-compliance can be extremely costly. We understand compliance and will ensure your organization’s IT system follows all necessary protocols.

Configuration Reviews

We will review your perimeter and internal firewalls & router configuration to identify any areas of risk, and will make recommendations if we find vulnerabilities.
