Lawyers Need to Use Caution in Online Environments

This article from Law Times has been “on the lamb” in my Google Reader inbox for a couple days now. I’ve tried to calculate how to use it and relate to an Android topic, and nothing seems to fit. Finally, I decided to just come right out with it.

The Law Times discusses a law firm in Toronto, Canada, whose bookkeeper mistakenly clicked a malicious link and resulted in “a large six figure” loss of funds from the firm’s client trust account. Ouch.

Apparently, the bookkeeper received a file or link that “looked legitimate” and clicked on it. Obviously she couldn’t log in to her banking site. She then received a call from “the firm’s bank” offering to “assist” her in her log in “problem.” And there goes the funds. A little at first, then everything.

My Bar Association has highlighted these crafty scams for months with several articles. Every pundit says the same thing: be careful of the links you’re sent and never give banking or log in information over the phone.

OK Bar Scams Targeting Lawyers

Similarly, you should also watch out for Microsoft “tech support” calls. These scammers claim to work for Microsoft and will “help” you repair your computer. Trust me, Microsoft support has enough in-bound tech support and sales calls they’re not going to actively seek you out.

The point is, many of these scams are easy to avoid. In the Law Times article, the bookkeeper innocently clicked a legitimately looking link. Innocence doesn’t save your law firm from culpability though.

These scams aren’t going away because they’re too profitable. Therefore, it’s important to be very cautious when accessing information online.

Dedicated readers will know I’ve discussed mobile security in a number of past posts. My advice is always the same: watch yourselves. You must believe that others are.

Here’s my over-played list of “secrets to online safety”:

  • Never give banking information over the phone, especially if someone call you. Your bank will not call to notify you of problems, then ask for your information to “verify” your identity. You should initiate all “I can’t access my account” calls.
  • Monitor bank accounts closely.
  • Call your bank immediately if you suspect fraudulent activity.
  • Don’t keep sensitive or private information on your mobile device (keep them on a list on your desk find a secure storage place, or memorize your passwords).
  • Regularly train staff to avoid clicking suspicious links, and have protocols for handling suspicious “client” inquiries.
  • Install antivirus and malware scanning programs on your devices, and remember, you get what you pay for.

One suggestion I hadn’t heard before (at least until recently) was this one: Allow low levels of privilege to computer users that will limit the ability to download software without an administrator’s permission.

One of my IT gurus says that even if you’re the only person using your computer, never give yourself “always on” administrator privileges. Downgrade your account to a user account with limited privileges. If someone/something needs to be installed, you have to physically log off and log in as an administrator to perform the installation.

Interesting tidbit that could protect your computer systems from malicious activity.

As always when we talk about mobile security, the best defense is a good offense. You can never be too aggressive with protecting yourself online and educating your employees and staff to do the same.

Let's discuss this (you can use Markdown in your comment)

Jeff Taylor

I’m just an ordinary guy living an extraordinary life. I’m also an attorney and I blog about Android for lawyers. You can follow me on Twitter, LinkedIn, YouTube, or Google+.