The World Anti-Doping Agency (Wada) has condemned Russian hackers for leaking confidential medical files of star US Olympic athletes. Athletes affected include tennis players Venus and Serena Williams and teenage gymnast Simone Biles.
In the leak it was revealed that Simon Biles has been taking medicine for Attention Deficit Hyperactivity Disorder. The medicine taken is all within the rules of Olympic guidelines, but it is confidential information that she would not disclosed.
Colin Powell’s G-mail account was hacked; again it is thought that it was done by Russian Hackers. This time confidential e-mails referring to Hillary Clinton’s e-mail issues and Mr. Powell’s comments about the qualifications for president of Donald Trump were both released.
Now most law firm’s are not targets of Russian Hackers. Russian Hackers are not the only hackers capably of such an attack. If Colin Powell or Simone Biles were your law firm’s clients what would you do if this confidential information was released by the law firm through a hack of the law firm’s systems? Or the password and login to your IOLTA account(s) were obtained and the accounts drained, what would you do?
It is believed that these hacks happened due to a spearphishing attack.
Phishing is a term given to the technique of tricking a user into giving up crucial information - often by clicking a link that takes them to a malicious website disguised as a familiar one, such as the log-in page for a bank or social network.
Spearphishing takes this one significant step further. While a phishing attack is often aimed at many people in the hope some will fall for it, spearphishing is highly targeted. Hackers perhaps identified a small number of people, or even just one person, and wrote a phishing attack specifically designed to trick them.
Other than pushing a message of vigilance among your staff, spearphishing is incredibly difficult to defend against. Attackers often scour the internet, looking for added information on the target that might make an email more believable. Sometimes even knowing a person's favorite football team is enough to tip the balance in making a spearphishing email seem genuine.
If you assume that these leaks will happen, then you need to make sure that you have the proper insurance coverage including your Cyber/Data Breach insurance, Theft Insurance, and Attorney Malpractice Insurance. Depending on the type of information obtained by a hacker any or all of these policies’ coverage may come into play.
L Squared Insurance Agency can work with a firm to make sure that the proper insurance coverage is in place.