Email Security

What are two free things you can do to protect your firm and its clients from email enabled cyber-crime and fraud?

  1. Protect your email account user credentials with Multi-Factor Authentication – Free with every Microsoft 365 Subscription, it just needs to be enabled. If you have this enabled, you will be prompted to “Enter a code” each time you log in from a new device.

  2. Stop cyber-criminals impersonating you in emails by creating a DMARC record – Also free, it just needs to be configured. If you don’t know whether you have a DMARC record configured, simply enter your domain name here and it will tell you - DMARC Check

These two cyber-security tools alone will protect you from MOST email enabled cyber-crime, but most importantly, it will protect your clients!

If you don’t have these tools enabled, or it has never been suggested to you, it may be time to ask why. ServiceScaler specialises in IT exclusively to the legal industry and know what is important to protect your firm its clients. Reach out to us for a no-obligation chat – (02) 9146 6339 / enquiries@servicescaler.com

TRANSCRIPT

Hi guys, Rob here from ServiceScaler. In today’s video I want to tell you about the two most important cyber security systems that you should have in place for your Law Firm to protect your email communications. Number one is multi-factor authentication. You may have noticed a post that I put up earlier this week on LinkedIn about another firm that had had their emails breached undoubtedly by a phishing email where somebody has entered their username and password thinking that it was a real or a true location to be entering that information and have had their emails breached from there. Multi-factor authentication will stop this. If somebody gets your username and password and tries to authenticate against your email system to start sending emails as you, it will prompt them for a second form of authentication which may be a SMS that is sent to your phone with the code that you need to enter or through to your phone as a via the app via an authentication app that you will need to approve that going through. So if a cybercriminal got your username and password, they’d go to login, they’d be hit with that, you would get a notification on your phone and it would stop that breach from occurring. The second thing that most firms should have in place to protect their email security is what’s called a DMARC record. DMARC records stop cyber criminals from impersonating or sending emails to your clients purporting to be you. Why this is important is that they are using this or against firms that do not have a DMARC record in place to send emails to their clients changing or updating payment and billing information so that funds are sent through to them instead of the intended recipient being the firm. Firms are acutely aware of this as I noticed that you all have a section in your email signature that says we will never change billing information or payment information via email. The problem with this is that it puts the onus back upon the client to recognize and understand this When malicious activity is occuring. Now there is a better way of doing it and that’s why setting up the DMARC record. Having a DMARC record set up is recommended by the Australian Cyber Security Commission as it stops people impersonating you. It’s really easy to check to see whether you do have a DMARC record set up on your email domain. I’ve put a link up in the post description above, that you can go, you can enter your domain name, and see if you have a DMARC record set up. If you don’t have a valid DMARC record set up on your domain, it may be time to question why you’ve never been advised of this before. This is the way that law firms are being breached by cyber-criminals. It is critically important that you get the right information and have the right systems and security setup for your firm to protect both yourselves and your clients. If you need to have your DMARC record set up it’s a very easy thing to do. It is something that we do all the time at ServiceScaler, I’d love to hear from you. Reach out to me or drop me an e-mail, give me a call, contact info in my profile, or drop me a message here on LinkedIn.

Let's work together

Contact the team at ServiceScaler today for a free and confidential discussion

Contact Us