Are you concerned about your firm's cybersecurity?

Are you worried about your team member's password use?

Are you concerned about your firm's cybersecurity?

Are you aware that password management is a critical aspect of effective cybersecurity, and that failing to implement strong password policies could leave your business vulnerable to cyber attacks?

SSST #5: The DarkWeb 2020 – Is Your Law Firm Safe?

I know the idea of a shadowy, clandestine alternative internet sounds the like plot to a ’90s sci-fi movie, but that’s what the Dark Web has become in 2020.

If you are a Mac-using lawyer, I can already imagine what you might be thinking. It might be something like, “yeah, hacking is a real bummer, but we use Macs and iPhones, so we’re safe.”


It’s not a matter of if your firm is breached; it’s a matter of when.

How far are cybercriminals willing to go to get your data? How many hoops do they have to jump through along the way?

A malware author, who wears a nice suit, not a black hoodie, would probably answer with: “As many as I need to because your data is worth that much on the Dark Web. Click this link to see how much…”  

Stop!  Don’t click that link!

Why is the Dark Web the abode of hacking mischief?

Sometimes, I pause and wonder how the bad guys stay one step ahead of the good guys.

Does it all really come back around to anonymity, or is the problem deeper?

Criminals come in all shapes and sizes, so what makes hackers unique? 

At its core, it boils down to displaying their “power” over you and profiting from it, not always monetarily by the way.

Unless you know how to protect your identity, the Dark Web isn’t a safe place for amateurs to roam.

It’s not a perfect analogy, but the Dark Web is similar to the stray iceberg that sunk the Titanic. The captain had no way of knowing that most of the danger lies underneath the waves, it looked safe.

As if 2020 wasn’t already tough enough, Malwarebyte’s revealed in February that Mac-based malware is outpacing Windows malware for the first time.

This is a scary realization:

“We saw a significant rise in the overall prevalence of Mac threats in 2019, with an increase of over 400 percent from 2018. However, part of that increase can be attributed to an increase in our Malwarebytes for Mac userbase. To see if that increase reflects the reality of the Mac threat landscape, we examined threats per endpoint on both Macs and Windows PCs. In 2019, we detected an average of 11 threats per Mac endpoint—nearly double the average of 5.8 threats per endpoint on Windows.”

 – Malwarebytes Labs 2020 State of Malware Report – Feb. 2020

Source: Malwarebytes Labs 2020 State of Malware Report – Feb. 2020

The takeaway for Mac-using attorneys and their law practices is that the Dark Web remains a concern despite the good guys’ best efforts.

Researchers estimate the deep web is 400 to 500 times larger than the internet that most of us know; the Dark Web thrives as a subset of the deep web.

But the deep web isn’t inherently bad.

What is terrible – and potentially financially devastating for law practices who suffer a data breach – are the shady characters exploiting it as a medium to sell stolen data and who knows what else.

Strangely, there’s a sort of honor among thieves in the Dark Web community.

It’s a badge of honor to pull off a hack and profit from the spoils.

All the hackers know is, “awesome, I totally lifted that law firms’ usernames and passwords.”

Complicating matters further, the scripts being used have also changed, according to Malwarebyte’s report.

For instance, security researchers discovered that the new malware, MageCart, could scrape payment processing data without compromising an end-point.

Anyone can get hacked.

I need to reiterate that fact in light of the continued rise of Mac malware.

When businesses suffer a breach, it’s usually from a more massive breach that you had no control over.

Don’t get me wrong. Using cloud services is standard practice, but when they get hacked, you have to pick up the pieces on your own.

What’s the worst that could happen if or when your firm gets hacked?

Simply put: The worst is that you might have to pay enormous penalties for compromising your clients’ data.

But the damage can be more than financial; an alarming data breach can ruin your firm’s reputation that you worked so hard to build.

Stolen credentials on the Dark Web aren’t solely a problem for big firms because small-to-medium-sized practices get hit, too.

In fact, hackers prefer to go after small firms since they often don’t have as many protections in place if any.

Mac-using attorneys used to have the edge over their Windows-using peers, but not anymore.

Malwarebyte’s report clearly shows how Mac hacks have caught up to Windows malware.

OK, now what can I do to protect myself on the Dark Web?

Dark web monitoring is one of the services we offer at GlobalMacIT. It’s a must-have tool to protect yourself from Dark Web exploitation.

Small firms don’t receive the same attention as large firms when it comes to cybersecurity solutions. Cybersecurity companies keep underserving that market.

Enterprise-grade tools can cost as much as $20,000, but GlobalMac IT offers affordable options.

A quality solution provides monitoring around the clock. It informs you immediately when a problem arises, such as your passwords and social security numbers for sale on the Dark Web.

Want to see if you your credentials are on the Dark Web?  GlobalMac IT can perform a one-time search of the Dark Web for just $27 to see if you’re already in trouble.

We check for stolen information on black market e-commerce sites, forums, phony blogs packed with malicious links, and peer-to-peer networks. To do the job right, you have to turn over every rock and see what scurries out.

Our scan also includes scanning the personal email addresses of up to three personal email addresses.

If you want to know if your credentials are on the Dark Web, shoot me an email at [email protected].

Comments are closed.

Want to receive more
Stupid Simple Security Tips?
Sign up below.


The Security Checklist for Busy Lawyers

The Security Checklist for Busy Lawyers