Does your website or other service providers have you covered?
Approximately 30,000 new websites get hacked every single day. (Source: Forbes)
Did that number strike fear in your heart? How about this one?
The number of general online threats has increased by six times their “usual” levels as a result of the pandemic, with the FBI reporting a 300% increase in the number of cybercrime cases during COVID-19.
What should you do if your law firm is on the receiving end of a cyber threat? Or worse – a victim? Being a victim of a cyber crime means potentially having confidential information breached, such as case information, financial information, etc. You owe your clients a duty of care to safeguard their information. So, what should you do if you find yourself in this situation? Because it could happen (*cough* Mossack Fonseca *cough* Panama Papers *cough*).
How to Tell Whether Your Website Has Been Hacked?
With technology evolving every day, it can be difficult to tell whether your site has been hacked until it’s too late. Here are 4 ways to tell whether your law firm’s website has been hacked:
1. Google Search Console
In Google Search Console, Google will inform you of several different security issues, which include:
- Phishing and deceptive sites
- Cross-site malware warnings
- Code, content, and URL injections
- Server configuration, SQL injection, code injection, and error template malware infections
You can view this information by heading to Google Search Console and then clicking on “Security & Manual Actions” in the left side menu. We track these changes in real time, with email alerts set up to go to our technical department. You can too. Make sure your email address is included in the Google Search Console account attached to your website.
2. Google’s Safe Browsing Tool
Google’s Safe Browsing tool offers one of the fastest and most effective ways of identifying whether your website has been hacked. You simply type in your URL and Google will let you know whether there are issues with your site.
3. Check Your Notifications
If your site has been hacked, you will likely receive emails from your hosting provider. If you have a system administrator, reach out to them as well and ask them to check if you suspect anything.
Web browsers, such as Google Chrome, will display a red warning screen to notify you when a website is unsafe.
4. Hacked Sites Troubleshooter
This is one more way to check whether your site has been hacked. This tool was created to help you find the hacked content on your site and any remaining issues following a hack, but it can also easily be used to determine whether your site has been hacked in the first place.
But what about other types of threats that do not involve direct hacking?
What is a ransom-driven DDoS attack?
Once again, ransom-driven DDoS attacks are on the rise. For those not familiar, a ransom DDoS attack is when an entity threatens to launch a DDoS attack against an organization’s website and/or network infrastructure unless a ransom is paid prior to a given deadline. Typically, before the entity sends a ransom note to the organization they plan to attack, they conduct a small DDoS attack as a form of demonstration.
DDoS stands for distributed denial-of-service.
Cloudflare defines a DDoS attack as: “A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.”
Check out our article Increase In Ransome-Driven DDoS Attack Threats: Here’s What Your Law Firm Should Know to learn more about how to handle a ransom DDoS attack.
Steps to Take When the Security of Your Law Firm’s Website Has Been Compromised
1. Contact your system administrator or in-house IT department.
If you’re working with a web developer, system admin or have your own in-house IT department, contact them immediately. If you’re a client of ours, that’s us.
2. Reset all passwords.
By all passwords, we mean every single account that is associated with your law firm, including your website, social media accounts, Google My Business (and all other Google tools that your firm uses), and every other site you use. If you haven’t already, while you’re changing your passwords, consider setting up two-factor authentication when available.
3. Assess the damage.
Your system administrator, web developer and/or in-house IT team can help with this step. If you are that person, then this is the stage where you’ll want to conduct a thorough investigation into what was compromised, how it was compromised and gauge the full extent.
This is the stage in which you’ll want to scan your devices for malware. Other ways to protect your devices, and ultimately your information, are to ensure that your operating system is up to date and to make any other necessary software updates to your devices. You’ll also want to check your devices to determine whether the hacker left any software on your machine.
5. Send out notifications.
If information has been compromised as a result of the hack, you’ll need to send out notifications based on the information you gathered from assessing the damage. In addition to notifying clients whose information may have been compromised, you’ll also want to contact any relevant financial institutions to inform them of the hack so they can put alerts in place to mitigate any fraudulent charges.
6. Take preventative actions.
Check to make sure that your software updates for your law firm’s devices are set to automatically update. Be cautious opening emails, especially those containing links. Always enable two-factor authentication (when possible). Use complex passwords – and don’t use the same password for everything!! Use caution when using public Wi-Fi.
Remember that if your organization does fall prey to a hack, the faster you take action, the better off your law firm will be. Moving quickly is key. But don’t feel pressured to pay service providers additional money to recover from a hack.
When it comes to fixing a site after a hack, there is no simple approach. Each hack is unique, and the network, information, etc. that have been compromised are just as unique, meaning there is no one-size-fits-all approach to solving the issue.
Whether the hack was a result of easy-to-break passwords, malware, or an unsecured website, a hacker can quickly do catastrophic damage. It is with this knowledge that Precision Legal Marketing has carefully crafted our security plan.
With top-notch security measures in place, clients of Precision Legal Marketing can take solace in knowing that we’ve got your back. When finding a partner to build and host your law firm’s website, always ask about their security measures to prevent cyber attacks and how they handle a breach if it ever did occur.
Curious to learn more about how Precision Legal Marketing could offer your law firm that peace of mind? Get in touch with us today to learn more by sending a secure message via our website.