SSST #28: Even Microsoft Can’t Lock the Gates

The determination that a recent Microsoft Exchange hack was the work of Chinese state actors has put that massive breach back in the headlines, worrying businesses of all sizes.

The encouraging news is that small firms using cloud-based email servers likely escaped catastrophe this time. More frightening is the reality of how pervasive cybercrime remains when even a tech giant like Microsoft can fall prey.

It’s a stark reminder that every business, regardless of size, must remain on guard against cybersecurity threats…or enlist the aid of vigilant professionals.

According to authorities, the China-backed group Hafnium exploited unpatched systems and stolen credentials to pull off the bold Exchange hack. The breach affected more than 100,000 email accounts (including small businesses, local governments, healthcare companies, and manufacturers), resulting in espionage and ransom demands.

What can you do besides nervously monitor the news?

As a small law firm reliant on outside tech platforms, you can’t secure external infrastructure – but there are steps you can take to protect your interests.

  • By promptly identifying, verifying, and installing critical security updates/patches on every device in your organization, you can avoid software exploits like those deployed in this hack;
  • By ensuring your team uses unique, complex passwords backed by multi-factor authentication (most efficiently implemented with a password manager), you can shut down the damage caused by compromised credentials;
  • By backing up business-critical email data on separate secure sites, you needn’t be at the mercy of ransomware;
  • By maintaining a cybersecurity insurance policy, you retain experienced assistance and financial protection should the worst scenario unfold.

We know that as a solo or small firm lawyer, you also have pressing demands of clients and commerce that leave you lacking the time/expertise to stay on top of cybersecurity. We can help.

Security+ clients receive eight layers of protection (including the four described above) tailored for solo to small and medium law firms at a flat monthly price suited for all budgets. Following a quick one-time set-up, all our work is conducted remotely; we stay vigilant and out of your hair while you remain focused on business.

However you proceed, please take precautions to protect yourself, your reputation, your clients, and your business. Keep us in mind — we’d love to help make future headlines less scary.
