Friday Afternoon, Monday Morning, and Law Firm Risk
Question: When is your law firm at its most vulnerable to scams?
Answer: When your attorneys and staffers are distracted or tired or both. To get more specific, statistics increasingly prove that most people are distracted and tired on Friday afternoons and Monday mornings. Therefore, it makes sense that cybercriminals are attacking right at those specific times.
What can you do about it? Before I answer that question, check out this excerpt from an article recently posted by KnowBe4:
Law firm employees appear to be getting better at avoiding real estate scams, says Toni Ryder-McMullin at Today’s Conveyancer. Conveyance is the act of transferring an ownership interest in property from one party to another, and the term is used mainly in the UK and Ireland.
Conveyancing scams or real estate scams involve a type of email fraud in which an attacker monitors and then hijacks an email conversation just before a payment is about to be made and directs a victim to send the money to the attacker’s bank account. These scams are the highest risk facing the legal sector, according to the UK’s Solicitors Regulation Authority (SRA).
Ryder-McMullin says conveyancing scams are also known as ‘Friday afternoon Fraud’ or ‘Monday morning Fraud,’ because attackers often strike when they know employees aren’t at the top of their game. “Conmen will target first thing Monday morning due to staff just starting their working week and perhaps not fully concentrating – or just before the weekend to avoid detection and businesses are closed for the weekend and won’t be noticed until a few days later,” she says.
The SRA says that conveyance firms appear to be waking up to the threat, with fewer cases observed last year. Rob Hailstone, founder of the Bold Legal Group, agrees that conveyancing firms are more aware of these scams than other types of legal firms, but these other firms are also vulnerable. “The takeaway is that the whole legal industry needs to be aware of this, especially as the scammers are looking at different targets than just conveyancing,” he said.
While awareness of scams is growing within conveyancing firms, attackers are stepping up their efforts to compete with an increasingly-aware workforce. Hailstone says the rising level of sophistication makes these scams harder and harder to spot. (Today’s Conveyancer has the story: https://www.todaysconveyancer.co.uk/main-news/law-firms-wising-up-conveyancing-scams/)
Now, back to the question on everyone’s minds: “What can I do about this security threat to my law firm?” Of course, the answer is new-school security awareness training.
Savvy Training & Consulting is proud to partner with KnowBe4, the world’s most sophisticated and effective security awareness training company. And, because Savvy knows the legal industry, we add value to the law firms who use KnowBe4, offering industry-specific advice for more impactful law firm trainings.
KnowBe4’s Enterprise Security Awareness Training works like this:
Baseline Testing: First, assess your law firm’s risk and your weak points with baseline testing. KnowBe4 provides baseline testing to assess the phish-prone percentage of your users through a simulated phishing, vishing or smishing attack.
Train Your Users: Second, using the information from the baseline test, train your users to be more security-aware.KnowBe4 offers the world's largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters. KnowBe4 also includes automated training campaigns with scheduled reminder emails.
Phish Your Users: Third,send fake phishing scams to test users’ adoption of the training information. KnowBe4 offers best-in-class, fully automated simulated phishing, vishing and smishing attacks, thousands of templates with unlimited usage, and community phishing templates.
See the Results: Fourth,analyze the results and train again. KnowBe4 provides enterprise-strength reporting, including both high-level and granular stats and graphs. You can even drill down to a personal timeline for each user.
If you are concerned about your law firm’s vulnerability to hackers, contact me today. I can even provide you with a couple of free tools from KnowBe4 that might help you successfully pitch this to your firm’s managers!