Category: Fraud & Embezzlement

Cybersecurity, Fraud & Embezzlement, Law Practice Management, Technology

Ransomware Alert: 7 Prevention Considerations

by Sheila Blackford ©2016

It is time to be scared about ransomware, but not paralyzed by fear. The bad news is that there are more cases of ransomware – malware that seizes control of your data, encrypts the data, then demands a ransom to turn over the key to decrypt the data – and many are finding that paying the ransom is no guarantee of getting the data back. The good news is that there are things you can do proactively to protect your data, and that is empowering.

The FBI requested that the ABA share Private Industry Notification cybersecurity alerts with the legal community. I want you to read this ransomware alert, then do at least one of its recommendations, but I honestly hope you will be scared enough to do them all. To sign up to receive future alerts, use this link to the ABA: https://shop.americanbar.org/eBus/MyABA/MyLists.aspx

“While the FBI normally recommends organizations invest in measures to prevent, detect, and remediate cyber exploitation, the key areas to focus on with ransomware are prevention, business continuity, and remediation.”

7 Prevention Considerations from the FBI:

1.  Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.

2.  Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.

3.  Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.

4.  Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; and they should operate with standard user accounts at all other times.

5.  Implement least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. Configure access controls with least privilege in mind.

6.  Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.

7.  Implement software restriction policies (SRP) or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular Internet browsers, or compression/decompression programs, including those located in the AppData/LocalAppData folder.
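Before enforcing item 7, it helps to see which program launches the restriction would actually stop, so that legitimate per-user software can be given an exception first. The following is an added example, not part of the FBI alert or the original post: a small audit of program paths against path rules for the locations item 7 names. The rule patterns, the ExampleVendor exception, and the sample records are assumptions constructed for illustration.

```python
import fnmatch
import ntpath

# Assumed deny path rules for the per-user locations item 7 names (not FBI text).
DENY_RULES = [
    r"c:\users\*\appdata\local\temp\*",   # browser downloads, archive extraction
    r"c:\users\*\appdata\local\*",
    r"c:\users\*\appdata\roaming\*",
    r"c:\windows\temp\*",
]
# Hypothetical exception for a legitimate per-user program found during the audit.
ALLOW_RULES = [r"c:\users\*\appdata\local\examplevendor\updater.exe"]
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf"}


def evaluate(image_path):
    """Return (verdict, rule): what the rules above would do with this program path."""
    path = image_path.strip().strip('"').replace("/", "\\").lower()
    if ntpath.splitext(path)[1] not in EXECUTABLE_EXTS:
        return ("allow", None)              # not an executable file type
    for rule in ALLOW_RULES:                # explicit exceptions win
        if fnmatch.fnmatchcase(path, rule):
            return ("allow", rule)
    for rule in DENY_RULES:
        if fnmatch.fnmatchcase(path, rule):
            return ("block", rule)
    return ("allow", None)                  # outside the restricted locations


def audit(records):
    """List (user, path, rule) for every launch the deny rules would have stopped."""
    hits = []
    for user, image_path in records:
        verdict, rule = evaluate(image_path)
        if verdict == "block":
            hits.append((user, image_path, rule))
    return hits


# Constructed process-launch records (user, program path); not real log data.
SAMPLE = [
    ("jdoe", r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    ("jdoe", r"C:\Users\jdoe\AppData\Local\Temp\7zO4A1\invoice.pdf.exe"),
    ("jdoe", r"C:\Users\jdoe\AppData\Roaming\svchost.exe"),
    ("asmith", r"C:\Users\asmith\AppData\Local\ExampleVendor\updater.exe"),
    ("asmith", "C:/Users/asmith/AppData/Local/Temp/notes.txt"),
]

if __name__ == "__main__":
    for user, path, rule in audit(SAMPLE):
        print(f"WOULD BLOCK  {user:8} {path}  (rule: {rule})")
```

Run against your own list of launched programs, every hit is either software that needs an exception before enforcement or something that should not have been running from a user-writable folder.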

 

 

Fraud & Embezzlement

’Tis the Season for Embezzlement

by Sheila Blackford ©2014

Embezzlement season is upon us. Why? Because the holidays are a time of overspending and stress from trying to meet expectations. More, more, more. Sadly, the way to pay for it may be with your firm’s money.

Here is a checklist to help you prevent Fraud and Embezzlement:

All law firms should adopt an effective, documented system of internal controls to protect against acts of dishonest lawyers and staff. Incorporating the following procedures can greatly narrow, if not eliminate, windows of opportunity for wrongdoers.

Bank and credit card statements can be delivered to the managing partner at a home or separate address for the MP’s personal review.

Checks and debit memoranda should be reviewed with the statements.

Checks and wire transfers should require two signatures and signatures should be verified.

A copy of the bank reconciliation should be attached to each monthly bank statement and reviewed by two parties.

Finance or accounting personnel should not be signers on all bank accounts.

Checks received in the mail should be immediately endorsed by a two-person team who opens and processes the mail.

After checks are properly endorsed, the accounting or bookkeeping department should take charge of the checks for deposit.

Whenever possible, a check-protector machine should be used for entering the amount on the firm’s checks.

Billing, Business Planning, Client relations, eLawyering, Email

Where are your go-to resources?

by Sheila Blackford ©2012

What is the best trust accounting software I should adopt for my firm?
When should I run a conflicts search?
How long should I keep closed client files – if my client has a copy already?
Where should I open my office to get more business?
Which networking events may be helpful to me as a new attorney?
Who can help me figure out what I need to do to open my own office?

These are all questions that get asked over and over by lawyers. The big question behind all of them is one: where are your go-to resources? Today, I’d like to tell you about where you can find a variety of valuable go-to resources.

Ask a Practice Management Advisor
I work for the Oregon State Bar Professional Liability Fund as a practice management advisor. If you are an Oregon lawyer or member of an Oregon lawyer’s firm, then you know the PLF is the mandatory malpractice insurance carrier for the basic coverage required of Oregon lawyers in private practice. If you are not an Oregon attorney, you may have a practice management advisor associated with your state bar association. To see a list of practice management advisors in North America, see the ABA Law Practice Management Section Practice Management Advisors/State & Local Bar Outreach Committee. Call your practice management advisor! We are a resource for getting you the answers to your questions.

Practice Aids & Forms
What you may not realize is that the PLF has a huge variety of free practice aids and forms that can be downloaded from www.osbplf.org. See Loss Prevention on the menu and select the last item, practice aids and forms. Download all of them in Word or WordPerfect and you can customize them. You will find a variety of checklists to help you tackle various substantive practice areas – adoptions to workers’ compensation – plus topics that cut across all practice areas like conflicts of interest, calendaring and docketing, engagement, nonengagement, disengagement, file management, opening your law office, closing your law office, trust accounting, and technology. Lawyers are surprised by the number of practice aids and forms that are available.

Publications
You want to open your own law office? The PLF has free guides which you can download in PDF format from the PLF website, on the menu under Loss Prevention, select Books from the PLF: A Guide to Setting Up & Running Your Law Office, A Guide to Setting Up & Managing Your Lawyer Trust Account, Planning Ahead: A Guide to Protecting Your Clients’ Interests in the Event of Your Disability or Death, and Oregon Statutory Time Limitations Handbook.

Books from the OSB: BarBooks is a resource you simply must take advantage of because you are entitled to free access to excellent books specific to your desired practice area, such as the helpful five-volume Advising Oregon Businesses. If you want to look at what publications the OSB offers, see the Legal Publications Catalog. Don’t overlook valuable publications that are associated with CLEs.

CLE Seminars
You want to learn about practicing in different areas?
CLEs from the PLF: You can find CLEs geared to avoiding malpractice traps in family law, setting up a conflict system, handling your trust account, or improving your understanding of the financial considerations of managing your law office, plus a great variety of other practice management topics at the PLF. See the PLF website, then on the menu under Loss Prevention select CLE to review on-demand programs, access programs available on DVD of a CLE you might have missed and download the CLE’s handouts, or learn about an upcoming in-person CLE.

CLEs from the OSB: You can find CLEs specific to your desired practice area plus other CLEs. Find out what CLEs are available in a variety of formats, such as QuickCalls and CLE On Demand, and learn about upcoming live seminars you can attend in person or by webinar by accessing the OSB CLE and Seminars catalog at OSBCLE.org.

CLEs from the Oregon Law Institute (OLI): You can find CLE offerings that fit your needs at OLI. Don’t overlook the OLI resources, whether in-person seminars, webinars, or MP3 courses, or review their product catalog.

American Bar Law Practice Management Section CLEs: The LPM Section offers CLEs produced by the American Law Institute (ALI). You do not have to be a member of the ABA LPM Section, though you may want to join. See information about the LPM CLEs here.