Are you protecting yourself from computer risks?

 In Practice Management

Disclaimer: LawSkills provides training for the legal industry and does not provide legal advice to members of the public. For help or guidance please seek the services of a qualified practitioner.

Protecting yourself from computer risksThere has been a lot of talk about Trojans lately. Not the Greek variety, although they have a lot to do with the origin of the term, but the computer ones. Like the Trojan Horse these are sometimes seemingly innocuous computer programs that conceal something far more dangerous that can ravage your pc.

Trojans

Like the Horse these are often disguised as a tempting offer or gift. ‘Click here to win a holiday’ says one seemingly genuine email which appears to come from a well-known travel agency but look beneath the skin and the link is actually redirecting to a website based in Libya which uses an unpatched ‘exploit’ to install software on your computer which scans for and reports your bank details. An ‘exploit’ is a bug usually in the code of your operating system or web browser that lets the hacker plant their code on your pc.

Phishing

‘Click here to read your statement’ says another email apparently sent from your bank but it is actually from a group of scammers based in Africa who have cloned your banking site’s password entry screen in the hope of getting you to enter your details. This isn’t actually a Trojan but an example of the email phenomenon known as Phishing. ‘How do they know where I bank?’ you might ask. The answer is they probably don’t but they do know that there are only a few major banks in the UK and if they send out enough emails they will find someone who does. How they get your email address is another question and this is often where Trojans come in again. They may well have infected one of your friends email accounts and be sending mails to everyone in your friend’s address book.

The LawSkills Monthly Digest

Subscribe to our comprehensive Monthly Digest for insightful feedback on Wills, Probate, Trusts, Tax and Elderly & Vulnerable client matters

Not complicated to read  |  Requires no internet searching |  Simply an informative pdf emailed to your inbox including practice points & tips

Subscribe now for monthly insightful feedback on key issues.

All for only £98 + VAT per year.

Lawskills Digest

This can be very dangerous as they can get enough data to compose a pretty reasonable email that appears to come from your friend.

Law Society

Closer to home the Law Society recently had to issue a warning (http://www.lawsociety.org.uk/advice/articles/phishing-email-scam) about rogue emails appearing to come from the Law Society with the title Notification regarding a fraudulent activity involving [recipient name]. One thing to note is these actually did use Lawsociety.org.uk email addresses. One problem with the current internet implementation of email is that it is really easy to do what is known as ‘spoofing an email address’ to fool the system to think the email has come from somewhere other than which it has been sent from. This is likely to have been what happened here. These emails had a word attachment that incorporated malicious code, probably in the form of a macro (although the Law Society did not give any information on this).

So how do you defend against all this?

Firstly Scan – install good antivirus and anti-spamware. These will help protect you against known Viruses and Trojans – the problem is the known. More and more Trojans are exploiting what are called Zero-Day exploits that is an exploit that has not yet been fixed or protected against.  A number of these will disable your antivirus tools which is an obvious problem. There are a number of good online tools to help rectify the situation and it is worth running one of these at least weekly. https://www.staysafeonline.org/ has a good list.

Secondly block – a Firewall is a very good idea. Basically a firewall blocks internet traffic. Now if you blocked all internet traffic that might not be a good idea but most firewalls let you determine what to let through. Your internet router probably already has a firewall which will block calls to computers inside your network and only let a restricted list of calls out. You might also want to turn on your PCs own firewall (built into Windows) This is particularly useful if you use third-party Wifi a lot as you can’t rely on their firewalls. I usually configure my firewall to not allow any access unless authorised. This can frustrating but makes it really obvious when say the paint program (once a common target for replacement by a Trojan) suddenly wants to access the internet. I will of course authorise the web browser and mail clients. Another form of blocking that can be useful is to block macros from running by default in Word – you can always enable them when required.

Thirdly verify – don’t open email attachments unless you are absolutely certain where they come from and even then save them first so your antivirus gets a chance to scan them. Similarly never click through a link in an email without first checking the actual path of the link – most mail clients will let you see the actual address by either hovering over the link or right clicking. If it is supposed to be say from your bank but instead of www.yourbank.com<http://www.yourbank.com/> it is some strange mix of characters or someone’s name don’t click it. Actually if it purports to be from your bank never click it – they don’t send out links. For attachments that are word documents be very cautious of any containing macros even if the document itself passes a virus scan – as I mention above it is best not to run macros unless you are absolutely certain of the source. Remember no one is likely to object if you give them a quick call to verify that an email really came from them.

So in conclusion remember 1, Scan; 2, Block; 3, Verify and you can reduce your risks.

 

FREE monthly newsletter

Wills | Probate | Trusts | Tax  | Elderly & Vulnerable Client

  • Relevant learning and development opportunities
  • News, articles and LawSkills’ services
  • Communications which help you find appropriate training in your area
Recommended Posts
Busy lawyers Financial Management