Sensei Pens Column For Above The Law
October 13, 2022
Above the Law featured a Sensei article entitled “Mind Games Cybercriminals Play With Law Firm Employees” by Sharon Nelson, John Simek and Michael Maschke. This article is the latest in a new monthly series entitled Cybersecurity: Tips From the Trenches with Sharon Nelson, Esq., John Simek and Michael Maschke of Sensei Enterprises. As noted authors and lecturers, Sharon, John and Michael speak on a variety of IT, Cybersecurity and Digital Forensics subjects. They lecture throughout North America and have been interviewed by TIME, ABC, NBC, CBS, CNN, Reuters, many newspapers and even Oprah Winfrey’s O magazine.
“Hackers Don’t Break In, They Log In”
We love that quote from Corey Nachreiner, the CSO of cybersecurity firm WatchGuard. We do of course make logging in all too easy. Many law firms do not have an out-processing checklist for those who leave their employment, so we make it simple to discover IDs and passwords that are “hanging around.”
If those former employees reused their passwords, they make it even easier for the attackers. But a current ploy is for attackers simply to pretend to be someone else (usually another law firm employee) and claim to need the ID/password for any number of reasons – a network threat they are working on or involvement in a compilation of IDs/passwords to be stored securely in the cloud to enhance (they say) security.
They may even pretend to be your IT provider and say they need your credentials to counter an imminent threat that has just been discovered. A remarkable number of law firm employees will give up their credentials in their desire to be helpful to someone they presume to be legitimate.
Are we saps? Pretty much, based on the evidence.