InfraGard is a partnership between the FBI and the private sector. It is an association of representatives from businesses, academic institutions, state and local law enforcement agencies, and other entities dedicated to sharing information and intelligence to prevent hostile acts in cyberspace against U.S. businesses, agencies, and individuals.
Hilltop Consultants is a member of this organization. We have joined so that we can have access to critical security alerts which are shared by Infragard.
On January 10th, 2017, Jim Turner our President and CEO attended their annual meeting. One of the speakers was National Counter Intelligence Executive, William Evanina.
One if the key points that Mr. Evanina made was that law firms are prime targets for attacks by state actors from both Russia and China. The primary method for accessing and exploiting law firm networks is "spear phishing". The goal of these state actors is to access your network and exfiltrate the data. In some cases, they also wish to take over the law firm network. The hackers are not just looking for law firms that deal with highly sensitive government information. They are looking for information that can be used to exploit and manipulate businesses and individuals.
To get a better understanding of "spear phishing" and the risk it poses to you and your business, visit this page from the National Counterintelligence and Security Center.
View the "Don't Be THIS Guy: Spear Phishing" video: https://www.ncsc.gov/spearphishing.html
While some email security systems will block out some mass phishing emails, automated systems are not as effective when a single individual is being targeted by a bad actor. The only way for individuals and business to protect their networks, data, and reputation, is to become aware of this kind of threat. All staff, attorneys, and partners must learn to identify suspicious emails and know the proper actions to take after receiving these emails.
In order to better assist and protect our clients, Hilltop Consultants now offers a service that can test your staff's susceptibility to "spear phishing" and will also educate everyone on how to identify suspicious emails.
We strongly recommend that you start using this service to educate your firm and protect your clients, network, and reputation.