Our CIO, Kim Verska, discusses in a TechTarget article how to mitigate the increasing cyber attacks occurring during the COVID-19 pandemic.
Here are some excerpts from Kim’s interview:
You’ve got … malware.
As the COVID-19 pandemic swept the U.S., attorneys at Culhane Meadows, a law firm that practices across seven states and the District of Columbia, received an email appearing to come from Johns Hopkins University School of Medicine. But a link that promised to ferry users to the program’s interactive outbreak map, with the latest confirmed infection and mortality statistics, actually led them to a third-party malware site designed to gain access to corporate data.
According to Kimberly Verska, managing partner, data security attorney and CIO, it was one of three separate pandemic-related phishing attacks to hit Culhane Meadows in a single week. Fortunately, the firm’s users recognized the emails as suspicious and forwarded them to security leaders, effectively evading a possible breach.
“Your weakest link is basically always going to be people, especially if they are a little discombobulated,” Verska said, stressing the importance of security awareness training in mitigating ransomware threats during times of crisis.
Joseph Blankenship, senior analyst for security and risk at Forrester, said his firm has had a “healthy debate” on whether their own internal phishing simulation campaigns should use COVID-19 lures.
“I think it’s a really fine line that security teams must walk,” Blankenship said. While organizations need to prepare users for emerging pandemic-related threats, in his opinion, they should avoid creating undue, additional stress at a time when employees are already anxious and distracted.
His advice: Never chastise users who fall for simulated phishing attacks by saying, “Wow, I can’t believe you clicked on that — you get a demerit.” Instead, he recommended reiterating that such phishing attacks are out there, what they look like and to be especially careful.
Pandemic-specific security awareness training sessions are also important in preparing users for an onslaught of related phishing attacks, Verska said. However, remote learning can pose unique challenges — especially for teams that are new to work from home and are accustomed to the built-in accountability of in-person interactions.
“You really need two things: the training itself — with examples of real-world phishing — and people who are listening,” Verska said.
To encourage participants to pay attention despite inevitable, at-home distractions, Verska has them complete brief questionnaires that review what they learned at the conclusion of web-based training sessions. “You need to find a substitute for the face-to-face meeting dynamic,” she said.
As a fully remote firm without permanent physical office space, Culhane Meadows also found itself at a technological advantage when the COVID-19 pandemic hit, thanks to its cloud-based infrastructure and aggressive encryption policies, Verska said. Stay-at-home orders complicated normal business and security operations but didn’t compromise them.
Many law firms have central services that users access via VPNs, according to Verska. Once inside, threat actors can move laterally within a network, plundering or encrypting the bulk of an organization’s confidential data. “In contrast, if I click on the wrong link, someone can’t use my credentials to bring the entire law firm to a halt,” she said.
The complete article can be found here.
About Culhane Meadows – Big Law for the New Economy®
The largest woman-owned national full-service business law firm in the U.S., Culhane Meadows fields over 70 partners in ten major markets across the country. Uniquely structured, the firm’s Disruptive Law® business model gives attorneys greater work-life flexibility while delivering outstanding, partner-level legal services to major corporations and emerging companies across industry sectors more efficiently and cost-effectively than conventional law firms. Clients enjoy exceptional and highly-efficient legal services provided exclusively by partner-level attorneys with significant experience and training from large law firms or in-house legal departments of respected corporations. U.S. News & World Report has named Culhane Meadows among the country’s “Best Law Firms” in its 2014 through 2020 rankings and many of the firm’s partners are regularly recognized in Chambers, Super Lawyers, Best Lawyers and Martindale-Hubbell Peer Reviews.
The foregoing content is for informational purposes only and should not be relied upon as legal advice. Federal, state, and local laws can change rapidly and, therefore, this content may become obsolete or outdated. Please consult with an attorney of your choice to ensure you obtain the most current and accurate counsel about your particular situation.