By Aaron H. Wallace, Esq.
Cyber security is a universe and a language all its own. New terms are entering the vernacular all the time. Acquiring fluency can help lawyers bridge the gap between what they know and what they need to know to protect their practices.
Too often, lawyers shy away from cyber security preparedness because the complexity of it all seems foreign and overwhelming. But knowledge is power. Once you’ve learned the language, you are better equipped to wage war against cyber criminals on this new virtual frontier.
The Cyber Security Glossary for Florida lawyers defines the essential terminology you need to know — all situated in the context of modern law practice.
Allowlist — A master list of email addresses, IP addresses, domain names, or entities that are known to be trustworthy and are granted privileges (such as access to your systems) by you or your IT administrator; anything not on the list is denied by default. Its antonym is “Blocklist.” See also: Whitelist.
Antivirus – A software program that monitors a network or device to detect, isolate, prevent, and/or remove malware or other malicious code. While no antivirus software can provide 100% protection, it can be a powerful tool in your law firm’s cybersecurity arsenal. Some versions of antivirus software may focus on specific kinds of malware (for example, antispyware software guards against spyware).
Assessment — A professional process by which a cyber security expert will audit or otherwise assess your law firm’s devices, network, and systems to determine the sufficiency (or vulnerabilities) of your cyber security defenses. Assessments may be complemented by penetration testing and other kinds of testing.
Authentication — The process by which a technology system verifies the identity of a user or other entity, for example by checking a password, a one-time code, or a hardware security key. Whether an authenticated user is then permitted to see or do a particular thing is a separate decision called authorization. Authentication may also refer loosely to processes designed to prevent bots from entering a system, such as CAPTCHA.
Backups — A copy of your data that is stored either offline on a separate device (such as a spare hard drive or USB drive) or in a cloud-based storage system. Backups allow you to recover your data if your device is lost, stolen, compromised with malware, or locked via ransomware. Caution: if your device has been compromised with malware, any backup that stays connected to it (a plugged-in drive or a continuously synced cloud folder) can be infiltrated too. Keep at least one copy disconnected or otherwise isolated from your working systems, and test that you can actually restore from it. Speak to an IT expert as soon as possible to determine the security of your backup processes and devices.
Bad actor — A common phrase used to describe a cyber criminal or hacker (not to be confused with a theatre critic’s opinion!)
Bot — A software program designed to automatically execute routine tasks, usually with the intention of replicating or imitating human behavior. Some bot activity is harmless and even desirable. But bots can also be used for nefarious purposes, such as making rapid and successive attempts to access your systems. Bots can attempt rapid password entry, send spam email, distribute phishing attempts, aid in DoS and DDoS attacks, etc. “Bot” is short for “robot.”
CAPTCHA — An acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart,” CAPTCHA is a program that presents users with a challenge to prove they are human and not a bot. It is often described as a “challenge-response test.” One popular implementation is reCAPTCHA, which you may recognize from your day-to-day internet activities.
Clickjacking — An attack in which a malicious web page overlays invisible or disguised controls on top of what appears to be legitimate clickable content, so that a click intended for one thing (a “play” button, a “close” box) is actually delivered to a hidden link or button the attacker controls.
DoS — A Denial of Service (DoS) attack attempts to flood a server, website, or network with excessive traffic in order to overwhelm the available bandwidth and resources so that legitimate users (including your own staff and clients) cannot get through. DoS attacks are easy for bad actors to initiate and can be executed by a lone, relatively unsophisticated individual. Accordingly, they are very common, but the defenses in place at major websites and web hosts, such as rate limiting and blocking the single offending address, have a high rate of success against them. Check with your web host to ensure that best-practice DoS defenses are in place. See also: DDoS (below).
DDoS — A Distributed Denial of Service (DDoS) attack is similar to a DoS attack, but the traffic is launched from many locations simultaneously, typically a “botnet” of compromised computers or internet-connected devices that the attacker controls. Because the flood comes from thousands of sources rather than one, it cannot be stopped simply by blocking the offending address, which makes DDoS attacks much harder to defend against. They are no longer hard to initiate: DDoS-for-hire services let even unsophisticated criminals rent an attack. A DDoS against your firm can also be a diversion intended to occupy IT staff while a separate intrusion is attempted. It is important to note that neither a DoS nor a DDoS is itself an infiltration: both attack availability (whether your systems can be reached), not access to your data. A successful DoS or DDoS attack does not by itself give the attacker entry to your systems.
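The practical difference between the two entries above is easiest to see in the numbers a web host actually looks at. The following is an added example, not code from the original article: it counts requests per source address inside fixed 10-second windows over constructed web-server log lines (the log format, the thresholds, and the sample addresses are all assumptions made for the illustration). A single address exceeding the per-address limit is the DoS case that address blocking handles; a window whose total exceeds the limit while no single address stands out is the DDoS case it cannot.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Matches the start of an Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line: str):
    """Return (source_ip, unix_timestamp) for a log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.timestamp()


def analyze(lines, window=10, per_ip_limit=50, total_limit=200):
    """Count requests per source IP and in total inside fixed `window`-second buckets.

    Returns (flood_ips, distributed):
      flood_ips   -- sources that alone exceeded per_ip_limit in some bucket (single-source DoS;
                     blocking these addresses is an effective response)
      distributed -- True if some bucket exceeded total_limit while no single source exceeded
                     per_ip_limit (DDoS pattern; per-address blocking will not help)
    """
    per_ip = Counter()
    total = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        bucket = int(ts // window)
        per_ip[(bucket, ip)] += 1
        total[bucket] += 1

    busiest_source = defaultdict(int)
    for (bucket, ip), n in per_ip.items():
        busiest_source[bucket] = max(busiest_source[bucket], n)

    flood_ips = sorted({ip for (bucket, ip), n in per_ip.items() if n > per_ip_limit})
    distributed = any(n > total_limit and busiest_source[b] <= per_ip_limit
                      for b, n in total.items())
    return flood_ips, distributed


# Constructed sample traffic (not real logs): every request lands in one 10-second window.
BASE = datetime(2024, 1, 10, 12, 0, 0, tzinfo=timezone.utc)


def make_log(ips, requests_each):
    lines = []
    n = 0
    for ip in ips:
        for _ in range(requests_each):
            ts = BASE + timedelta(seconds=n % 10)
            lines.append(f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET /login HTTP/1.1" 200 512')
            n += 1
    return lines


if __name__ == "__main__":
    print("single source:", analyze(make_log(["203.0.113.7"], 300)))
    botnet = [f"198.51.100.{i}" for i in range(1, 255)] + [f"192.0.2.{i}" for i in range(1, 50)]
    print("many sources: ", analyze(make_log(botnet, 1)))
    print("normal:       ", analyze(make_log(["192.0.2.1"], 5)))
```

The thresholds are deliberately low so the pattern is visible on a few hundred lines; a real host tunes them to its normal traffic and adds upstream filtering for the distributed case.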
Firewall — A device or software mechanism that puts a “virtual wall” between your network and outsiders, inspecting the traffic that comes in or goes out of your network against a set of rules in order to limit access and block unauthorized or undesirable connections.
Hacktivism — The use of malicious/illegal hacking techniques to advance a social cause or promote a particular belief.
Infiltration — A bad actor’s successful access or entry to your devices, network, or systems. Infiltration can happen through hacking or through less forceful means, such as acquiring legitimate password credentials from authorized users (see: “Social Engineering”).
Internet of Things (IoT) — This concept refers to the network created by communication between the various devices, systems, sensors, and software in your personal and/or professional life. For example, your smartphone, refrigerator, toilet, home security system, thermostat, automobile, and other such “things” may all be smart-enabled and capable of communicating with one another and with the broader internet. Many of the “things” in your home, office, and car may be “smarter” than you realize, connected to the internet without your even being aware. Each “thing” on your network is a potential point of entry to your systems: many ship with default passwords and rarely receive security updates, so change the defaults and, where possible, keep such devices on a separate network from the computers that hold client data.
ISP — Your Internet Service Provider (ISP) is the organization that provides your internet connectivity. You may have one ISP providing connectivity for your law firm and another providing connectivity at your home. Depending on your account plan and preferences, your ISP may also provide some of your other internet services, such as email, domain registration, web hosting, etc.
Keylogger — A software or hardware device used by a cyber criminal to record your keystrokes. By using a keylogger, a criminal can watch and record everything you type on your computer or mobile device. Keylogging gives criminals access to passwords, login credentials, sensitive client data, personally identifiable information, and other data.
Malware — A term used to describe any malicious software or program. Ransomware, adware, spyware, Trojan programs, and viruses are all forms of malware.
Multi-Factor Authentication (MFA) — A feature that requires a user to present more than one kind of credential (called a “factor”) in order to access a system, server, network, device, or account. Factors are usually grouped as something you know (a password or PIN), something you have (an authenticator app, a code sent to your phone, or a hardware security key), and something you are (a fingerprint or face scan). When exactly two factors are required, it is referred to as “Two-Factor Authentication” (2FA); “Multi-Factor Authentication” is the general term for two or more. (“Two-Step” verification that relies on two things you know, such as a password followed by security questions, offers less protection because both can be stolen the same way.) While MFA does not provide 100% protection, it does make infiltration much harder, since a stolen password alone is no longer enough; codes sent by text message can be intercepted or phished, so an authenticator app or hardware key is preferable where offered. Generally speaking, lawyers should employ MFA wherever possible.
Network — Two or more computers (or servers) that are connected in order to share resources (such as a printer or hard drive) or exchange information. See also: “Server.”
Personally Identifiable Information (PII) — Any data that could be used, whether in isolation or in combination with other data, to identify a specific individual.
Phishing — An email (or, more broadly, any message) sent by a bad actor who poses as someone you trust (a client, a bank, a court, a software vendor) in order to get you to click a malicious link, open an infected attachment, or hand over login credentials or funds. The email may look entirely legitimate at first glance. Phishing is the most common type of cyber attack, and the most frequently successful. Countless law firms have been targeted, and many have fallen prey. See also: Phishing 101 for Florida Lawyers
Ransomware — Malware designed to lock you out of your system, files, or devices, essentially holding them ransom until you or your firm pays the attacker a sum of money (most often in the form of cryptocurrency). Once installed, ransomware is sometimes designed to be time-delayed so that you unwittingly transfer it to your backup systems prior to discovering it, meaning that your backups are held for ransom too. The criminals will sometimes publicly disseminate your PII or other sensitive/confidential data as penalty for refusal to pay. However, paying the ransom comes with its own set of serious adverse considerations. Anyone facing suspected ransomware should contact a cyber security expert and notify law enforcement right away.
Server — A computer (or a program running on one) whose job is to provide a service, such as file storage, email, or a website, to other computers, called clients, over a network. Often compared to a filing cabinet, a file server stores, receives, and transmits the firm’s documents. Servers and the computers that use them together make up a network. See also: “Network.”
Social Engineering — A psychology-based form of cyber attack in which a bad actor makes contact with an individual in your firm and attempts to dupe that person into trusting them enough to share valuable information. Social engineering attacks can be extremely convincing and sophisticated. The victim may not even realize that the information they are imparting could be of value to a cyber criminal.
Smishing — A form of phishing (see above) that uses text messages (e.g., SMS, iMessage, or messaging apps) instead of email, often with a shortened link that hides its true destination.
Spam — Unwanted and unsolicited communications, often sent to a mass number of recipients at the same time, frequently with a commercial advertising objective. Spam usually takes the form of email but can also be transmitted by telephone, text message, U.S. mail, social media, etc. Most spam is annoying but harmless; however, some spam messages contain malicious links, harmful attachments, etc.
Spoofing — Disguising the source of a communication so that it appears to come from someone else: a forged sender name or email address, a faked caller ID, or a falsified IP address. A spoofed “From” line is a standard ingredient of phishing and wire transfer fraud, which is why the displayed name on an email should never be trusted on its own.
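The phishing and spoofing entries above describe messages that look right at a glance. As an added example (not code from the original article), the following checks the headers of a raw email for the usual tell-tales: a display name that carries a different address than the real sender, a sender domain that imitates a trusted one (a lookalike such as “rn” standing in for “m”), a Reply-To pointing elsewhere, and a failed verdict in the receiving server's Authentication-Results header (RFC 8601). The trusted-domain list, the two sample messages, and the similarity threshold are constructed for the illustration.

```python
import difflib
import email
import re
from email.utils import parseaddr

# Domains this (hypothetical) firm treats as trusted senders.
TRUSTED_DOMAINS = {"examplelawfirm.com", "bank.example"}

# Character swaps commonly used to build lookalike domains.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l"}


def normalize_domain(domain: str) -> str:
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    norm = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == trusted or difflib.SequenceMatcher(None, norm, trusted).ratio() >= 0.9:
            return trusted
    return None


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def spoofing_indicators(raw_message: bytes) -> list:
    """Return a list of human-readable warnings found in the message headers (empty if none)."""
    msg = email.message_from_bytes(raw_message)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Display name that itself contains an address at some other domain.
    m = re.search(r"[\w.+-]+@([\w.-]+)", from_name)
    if m and m.group(1).lower() != from_domain:
        findings.append(f"display name shows {m.group(0)} but the real address is {from_addr}")

    # 2. Sender domain that imitates a trusted one.
    target = lookalike_of(from_domain)
    if target:
        findings.append(f"sender domain {from_domain} resembles trusted domain {target}")

    # 3. Replies silently redirected to a different domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To {reply_addr} goes to a different domain than the sender")

    # 4. The receiving mail server's own verdict (RFC 8601 Authentication-Results), if present.
    auth = msg.get("Authentication-Results", "")
    for check in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{check}=(fail|softfail|none)\b", auth, re.IGNORECASE):
            findings.append(f"{check} check did not pass")
    return findings


# Constructed sample messages (not real mail).
SPOOFED = b"""From: "Jane Partner <jpartner@examplelawfirm.com>" <jpartner@exarnplelawfirm.com>
Reply-To: closing-desk@mail-relay.example
To: associate@examplelawfirm.com
Subject: Updated wiring instructions for the Smith closing
Authentication-Results: mx.examplelawfirm.com; spf=fail smtp.mailfrom=exarnplelawfirm.com; dmarc=fail

Please use the attached instructions for today's wire.
"""

LEGIT = b"""From: Jane Partner <jpartner@examplelawfirm.com>
To: associate@examplelawfirm.com
Subject: Lunch
Authentication-Results: mx.examplelawfirm.com; spf=pass smtp.mailfrom=examplelawfirm.com; dkim=pass; dmarc=pass

Noon?
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_indicators(raw) or ["no indicators"])
```

None of these checks is proof on its own, and a well-run mail provider applies stronger versions of them before a message reaches the inbox; the point is that every signal comes from the headers, not from the name the mail client displays.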
Spyware — A form of malware (see above) that monitors your computer/internet/network activity and reports that data to an unauthorized party. This can happen without the victim’s knowledge. Spyware can be used to facilitate targeted advertising or for more nefarious purposes, such as collecting data that will support an intrusion attempt.
Trojan — Named after the Trojan horse of Greek legend, this term refers to a program or file that appears to be legitimate (an invoice, a court document, a software update) but carries a malicious element (or “payload”) that runs when the file is opened. Unlike a virus, a Trojan does not copy itself; it relies on the victim to install it.
Virus — A form of malware that attaches itself to legitimate programs or files and copies itself to other files and devices when those are opened, run, or shared. Like a human virus, a computer virus spreads primarily as a result of human activity, so bad actors design them to take advantage of predictable behavior such as opening an unexpected attachment or plugging in a found USB drive. (Malware that spreads across a network on its own, without any user action, is called a worm.) Viruses vary substantially in terms of their complexity, severity, danger, function, and ability to spread.
Vishing — A form of phishing (see above) that uses telephone calls, often placed over VoIP (see below) with a spoofed caller ID, instead of email; the caller typically impersonates a bank, a vendor, or your own IT support.
VoIP — Voice over Internet Protocol (VoIP) is a type of telephone system (also known as “virtual telephony”) that uses an internet connection rather than a traditional land-based phone line to transmit and receive telephone calls. VoIP systems can make and receive calls to telephones that are connected to traditional land lines.
VPN — Often described as a “virtual tunnel,” a Virtual Private Network (VPN) encrypts the traffic between your device and a VPN server (your firm’s own, or a commercial provider’s), so that anyone sharing the public internet connection at an airport, cafe, or hotel cannot read or tamper with it. Websites you visit see the VPN server’s IP address rather than yours, which masks your location. VPNs may also be used to maintain reliable and secure access to the firm’s network while traveling domestically or abroad. Note that the VPN operator itself can see your traffic, so choose it as carefully as any other vendor, and that a VPN does nothing to stop phishing or malware already on the device.
Whitelist — See “Allowlist” above. “Whitelist” is also sometimes used as a verb to mean the act of allowlisting. Its antonym is “Blacklist.”
Wire Transfer Fraud — A scheme in which criminals use phishing, social engineering, or other tactics to divert wired transactions so that the funds are sent to the criminal rather than the intended recipient. In many cases, it may be impossible to recover the client’s funds. In one common scenario, criminals utilize an account number that is off by just one digit from the intended recipient’s account, then send wiring instructions (masked to appear legitimate) so that the unsuspecting law firm wires funds to the criminal. (For best practice reminders, see our printable one-sheet on avoiding wire transfer fraud.)
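The “one digit off” scenario above is exactly the kind of change a person skimming a PDF will miss and a simple comparison will not. As an added example (not code from the original article, and not a substitute for calling the recipient at a number you already have on file), the following compares newly received wiring instructions with the verified instructions the firm already holds and flags any change, singling out account numbers that differ by only one or two characters. The record layout, the routing and account numbers, and the two-character threshold are all constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class WireInstructions:
    beneficiary: str
    bank: str
    routing_number: str
    account_number: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character insertions, deletions, or
    substitutions needed to turn `a` into `b`. A distance of 1 is the classic fraud pattern."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def review_instructions(on_file: WireInstructions, received: WireInstructions) -> list:
    """Return every discrepancy between the verified record and the instructions just received.
    An empty list means nothing changed; anything else must be confirmed by phone before wiring."""
    findings = []
    if received.account_number != on_file.account_number:
        d = edit_distance(received.account_number, on_file.account_number)
        if d <= 2:
            findings.append(f"account number differs from the verified record by {d} character(s), "
                            "the classic one-digit substitution")
        else:
            findings.append("account number does not match the verified record")
    if received.routing_number != on_file.routing_number:
        findings.append("routing number changed")
    if received.bank.casefold() != on_file.bank.casefold():
        findings.append("receiving bank changed")
    if received.beneficiary.casefold() != on_file.beneficiary.casefold():
        findings.append("beneficiary name changed")
    return findings


def safe_to_wire(on_file: WireInstructions, received: WireInstructions) -> bool:
    return not review_instructions(on_file, received)


if __name__ == "__main__":
    # Constructed records; the numbers are not real routing or account numbers.
    verified = WireInstructions("Smith Title Co.", "First Example Bank", "123456780", "0123456789")
    received = WireInstructions("Smith Title Co.", "First Example Bank", "123456780", "0123456788")
    for finding in review_instructions(verified, received):
        print("STOP:", finding)
    print("safe to wire:", safe_to_wire(verified, received))
```

The check only works if the “on file” record was itself verified by a phone call when the matter opened; the code compares against whatever it is given.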
Zero-Day — This term describes a security vulnerability in a given piece of software or hardware that bad actors know about but the designers/vendors do not, so no fix exists yet (the vendor has had “zero days” to prepare a patch). An attack that uses such a flaw is called a zero-day exploit. By the time the vendor becomes aware of the vulnerability, the bad actor may have already exploited it. Because no patch is available, the practical defenses are layered: apply updates promptly once they ship, and rely on MFA, isolated backups, and limited user permissions to contain the damage an exploit can do.
About Florida Lawyers Mutual
Created by The Florida Bar so that Florida lawyers would have a high-quality source for professional liability insurance, Florida Lawyers Mutual is the state’s only direct-write lawyers’ professional liability insurer and the only one created by The Florida Bar. A-rated by AM Best for Excellent Financial Strength and owned by its member lawyers, Florida Lawyers Mutual offers high-quality policy features (including an automatic cyber liability endorsement on every policy at no additional premium cost — with increased limits options available to qualifying applicants), valuable membership benefits, and legendary member service. The Company recently declared an historic member dividend and launched an extensive library with 33+ hours of cost-free CLE for its member lawyers.* Learn more or apply for coverage at www.flmic.com.
*Dividends are paid at the sole discretion of the Company’s Board of Directors. This year’s dividend does not guarantee the payment or amount of future dividends.