I recently had the pleasure of reading a guest blog post on Peter Vogel’s Internet, Information Technology & e-Discovery Blog that was authored by John Ansbach. This alone is important because I have a world of respect for Peter and John.
If you did not already know it, Peter is, in my view, the Godfather of cyber law and the person who has been a pioneer in this space since well before the words “cyber” and “law” ever clicked together in most of our minds.
John is no newcomer in this space either and has been a vocal leader in the cybersecurity law space for years through his role as General Counsel of General Datatech, L.P., his blogging on The Ansbach Technology Blog, his speaking, and through his participation in various American Bar Association groups, where I first began to follow his work. (In fact, on May 4, 2016, John and I both will be on a panel discussing Corporate Governance meets Cyber Risk for the University of Texas at Dallas’s Institute for Excellence in Corporate Governance.)
Yesterday I wrote a post about how social engineering is one of, if not the, biggest threat that most businesses face. In that post, I talked about the business email compromise and referenced the Office of Inadequate Security’s list of organizations that have fallen for the W-2 iteration of the business email compromise.
Last week I posted Law Firm Cybersecurity: I hate to Say I Told You So But … and blabbed on about why law firms are a prime target for cybersecurity attacks (though admittedly, I did not envision this current use discussed below).
So, you may be wondering, what does all of this have to do with John Ansbach’s post on Peter’s blog?
In Small Texas Law Firm Used in International Cyberattack, John describes exactly how attackers compromised the law firm email system of rural Texas solo practitioner James Shelton and used its email system to carry out an international phishing campaign. John knows how it worked because his company received one of the purported emails! The way the bad guys carried out this attack is fascinating and is something that could easily be done to many law firms and businesses.
Go read John’s post and then come back and tell me that you are absolutely sure that your firm or your business is not vulnerable!
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.