print   email   Share

Cybercriminals Target Family Employers And Their Agents

Grubman Shire Meiselas & Sacks, a New York law firm that serves celebrity clients in the entertainment industry, recently confirmed that hackers breached the organization. The cybercriminals allegedly stole contracts and personal emails belonging to clients including Lady Gaga, Madonna, Bruce Springsteen, Rod Stewart, and Elton John.

According to the BBC, the cybercriminals are threatening to publish sensitive data unless the law firm pays up. The demanded ransom amount has not been released. They allegedly stole 756 gigabytes of data. A screenshot of Madonna's contract may have already been released.

The law firm said it has notified its clients and is working with cybersecurity experts, although it is unclear if they are considering paying the ransom. The firm's website was down following the attack.

According to the founder & CEO of web security company ImmuniWeb, law firms are an attractive target for hackers because they can breach mid-sized law firms and get highly confidential data more easily than attacking its clients, such as banks or celebrities, directly. In addition, many law firms access confidential data with mobile phones and laptops as well as office computers and upload these documents to the cloud or file sharing websites.

He said that few law firms have prioritized strong cybersecurity, provide sufficient employee training, or have incident detection and response capacities. Plus, many might try to keep the incident quiet to avoid reputational damage. Tom Jowitt "Celebrity Law Firm Hacked, Attackers Threaten To Leak Stolen Data" silicon.co.uk (May 12, 2020).

Commentary and Checklist

When selecting your law firm, accounting firm, business management firm, and other vendors, family employers must only select those service providers who can document strong cybersecurity practices. Keep in mind that many organizations you work with store your personal data and cybercriminals may want it.

Cybercriminals are also targeting homes. Here are some additional tips to help keep your data secure at your home:

·      Equip all computers with the latest security software and keep your protection up to date. Turn on the full-disc encryption and routinely scan for viruses on all computers.

·      Install a firewall on any internet connection used by staff for work.

·      Protect mobile devices with long, unique passwords and encryption. Require staff to report any lost or stolen devices immediately. Tell staff never to leave devices unattended in public.

·      Backup data regularly and store it in a safe place.

·      Encrypt your Wi-Fi network and require staff to only use a secure Wi-Fi network if working remotely.

·      Work with banks and other financial institutions to make sure your accounts are equipped with the best anti-fraud tools available.

·      Only allow staff access to the data they need to carry out their jobs.

·      Require staff to use unique passwords for all accounts.

·      Do not share sensitive information on social media sites.

·      Prohibit staff from keeping data when they leave. Have staff return any work devices and revoke their access to your online accounts.

Finally, your opinion is important to us. Please complete the opinion survey: