When I received a pretty bland-looking email from a former client, I was immediately and justifiably suspicious. I promptly called the firm to warn them that one of their email accounts had been hacked.
Unfortunately for the former client, the hackers had sent out their malicious email bearing the former client's name and email address to a lawyer listserv (discussion group). So hundreds of other lawyers received the same phishing email.
Then two days later we received a call from a current client. He is a member of the same listserv. He had tried to open the attachment and reported that "nothing happened," but was wondering if he should do something.
Yikes! I immediately worked with his assistant to change his email password. I remoted into their computers and scanned them with our Webroot Security software.
Webroot Security is very effective. His computer was clean and so was his assistant's computer. Our client fortunately was not affected by the malicious attachment.
You can be prepared for the day when you receive a dreaded phone call indicating that your email account has been hacked.
These are the immediate first steps to take:
1. Change your email password.
2. Scan your computer for malware.
Right now you can take other important steps to be ready ahead of time. Collect the information you will need to respond fast.
If you have cyber insurance, call the company. As noted by Sherri Davidoff, CEO, LMG Security: “You may need approval from your cyber insurer before sending a notification in order to ensure coverage for any lawsuits, investigations or PR needs that result.“ Your insurance carrier can advise you on what actions to take immediately and the services included in your policy.
If you are not insured, consult a cyber security expert to make sure you take appropriate corrective actions. Reliable experts include LMG Security and Sensei Enterprises.
When your email account is breached, you likely have duties to notify the people who may be affected. Included are those who have sent emails to you or received emails from you. Notifications by email and by U.S. Mail may be necessary to fulfill your legal obligations.
You should be guided by your insurer or your cyber security expert. You may also need to consult an attorney who specializes in data breaches. The attorney can advise you on the nature and extent of your legal obligations. They vary by jurisdiction and type of information at risk.
Consequences of Breached Email Account
The hackers' emails may contain infected attachments designed to break into the computers of anyone with whom you've exchanged emails. The hackers can steal financial account information and breach the email accounts of people who open their infected attachments.
They can also download all the emails and attachments sent and received in your account. That makes for a public relations nightmare!
Of course it is best to take actions ahead of time to both prevent and prepare for data breaches. Otherwise, you will have to move up a steep learning curve fast if you are hacked. That is stressful!
Wells H. Anderson - 888-922-1120 - moc.mrifymeruces@ofni