North Carolina is under attack by cyber criminals and those most victimized are (1) law firms & business owners; and (2) people 50 - 60+ yrs old.
The FBI’s 2017 Internet Crime Report ("ICR") findings are alarming. The 2017 report shows that U.S. victims lost over $1.4 billion dollars to cyber criminals. But one year later, the FBI’s 2018 ICR concluded that the amount of money U.S. victims lost to cyber criminals had nearly doubled from $1.4 billion lost in 2017 to more than $2.7 billion lost in 2018. (See the original 2017 & 2018 FBI ICR reports by clicking on the links at the bottom of this article).
A fairly obvious take away and conclusion from both FBI reports is this: the older the victim, generally sixty years of age and older, the more money cyber criminals steal from them. Contrary to what many think, more than 30% of victims of cyber crimes are small businesses including small and medium sized law firms (some studies put that number at 50%). Cyber criminals are turning to law firms because they want client’s personal and sensitive information since lawyers tend hold valuable records and documents on behalf of clients, such as financial records, asset apprails, bank account information, trusts and estate planning legal documents, social security information, investment portfolios, tax information, commercial transaction information, trade secrets, intellectual property, and much more. Such information can get a cyber criminal a high payout when sold on the deep web.
What the FBI reports do not explicitly state, though enough independent articles have been written about it, is that cyber criminals have begun to hack into lawyer’s e-mail accounts with much more consistency and success than ever before in order to look for and retrieve client confidential information. Part of the reason that this has been occurring is due to many lawyers' use of unprotected and vulnerable e-mail accounts.
Elder Law Cyber Crimes
In 2017 alone, elder law cyber crimes exceeded losses of over $342 million. Virtually all victims were over the age of sixty. In 2019, my research suggests that estate lawyers and elder law firm’s will be targeted even more than before due to the tendency for estate lawyers and elder law firm’s to also use unprotected technology that poses no real challenge to today’s cyber criminal. These hackers have successfully stolen a law firm’s checking account information, IOLTA account information, and clients private information for their own gain.
Tech Support Fraud
Tech support fraud is also growing and includes a criminal claiming to have the knowledge to give tech support to an innocent individual for the sake of gaining access to that individuals personal hardware and accessing personal information that may be stored on it. Losses in 2017 solely stemming from fraudulent tech support amounted to $15 million… a 90% increase in losses from 2016!
Economic Damage from Hacking Business Email's
Business email compromise attacks in 2017 cost over $675 million in losses to victims. Then in 2018, only one year later, losses stemming from business email compromise almost doubled to over $1.2 billion! That is an incredible amount of money being stolen due to individuals of all professions not knowing, and not caring enough to learn or hire a professional to set up a safe and proper business e-mail.
I personally knew quite a few lawyers who used, and may continue to use, Gmail accounts as their business e-mails. Some purchased a domain name and linked it to the Gmail server believing that the usage of a domain name linked to the Gmail server somehow protected their email communications. But ignorance is bliss. There are so many lawyers and other professionals using unprotected business e-mails today that it makes perfect sense why last year we had more than $1.2 billion dollars in losses just from business email hacks. It would not surprise me to see that for 2019 the amount in losses to victims from business email hacks increased to more than $2 billion dollars.
This incredible statistic highlights the utmost importance of either: (1) choosing a safe e-mail provider, learning how to install adequate encryption, the importance of learning how to set up and use key codes for encrypting e-mails, and other tactics available; or (2) hiring a professional to do it for you. With over $1.2 billion stolen last year, and with expectations being that the amount to be stolen in 2019 will substantially surpass 2018’s figure, the cost of hiring a professional is minimal when one considers all the factors at hand. The FBI’s formal statistics shows the following: Put together, cyber crime victims lost over $1.40 billion dollars in 2017. In 2018, the losses to victims almost doubled to $2.71 billion lost. It is clear that cyber crime is not slowing down, to the contrary, it is growing at alarming rates and we hear more and more about at all levels of life, from the private sector to the government to giant corporations and more. North Carolina lawyers are also increasingly being victimized.
*For the record, I am not saying that Gmail does not offer any level of security from hackers, because they do to some extent. But the level of protection offered is likely insufficient for lawyers and other professionals who have a duty to maintain and protect client confidentiality. In addition, there are different security problems with Gmail that users may not know about but that are equally dangerous. Luckily, there are steps that a lawyer and other professionals can take to add suitable additional security. However, these are detailed topics that deserve their own published LinkedIn article so I will discuss them on a future article post.
Cyber Crime Victims Over the Age of Sixty
In 2017, victims by age group were much higher for those over the age of 60 — they included 49,523 total victims with a total loss of $342,531,972. In 2018, those over the age of 60 were once again the main victims and included 62,085 total victims with a total loss of $649,227,724 – almost double the amount lost from the previous year. The reason for the rampant victimization of the elderly is due to their lack of knowledge of technology. And with North Carolina lawyers practicing until very old ages, it is a recipe for potential catastrophe if they do not have proper cyber security and guidance.
In 2017, North Carolina was not on the top 10 list of U.S. states by victim loss. But for 2018, North Carolina had made it onto said list and we were tied with California, Texas, Florida and New York, all having a total victim loss of more than $100 million dollars due to cyber criminal attacks.
Total Losses by Cyber Crime Victims in North Carolina
In 2017 North Carolina was ranked #17 with total losses by victim at over $22 million dollars. But by 2018, North Carolina climbed up to the #5 ranking with total losses by victim at more than $137 million dollars. In 2017, in terms of how much money cyber criminals were stealing from North Carolina victims, North Carolina came in at #15 with a loss of over $8 million dollars. In 2018, North Carolina again climbed up in the ranking to #12 with a loss of over $17 million.
Cyber crimes performed against North Carolinians is set to grow even more in 2019 and in the near future. The rising cyber attacks against North Carolina law firm’s are also expected to increase steadily.
The North Carolina Governor’s Crime Commission Report on prosecuting computer crimes in North Carolina concluded that, on average, North Carolina prosecutors did not have a great level of comfort when it came to equipment category in prosecuting these cases and that the overall average District Attorney personnel rating was below half, concluding that both prosecutors and their staff needed significant more training to prosecute these cases. However, as of 2019, it goes way beyond this. With the tech and software that is available today, one cannot prosecute a cyber criminal that can never be found due to their capacity of jumping from server to server worldwide. What we ought to be focusing on and investing in is preventive measures.
How my Professional Audit and Assessment Will Benefit Your Firm
So, at the current moment, protecting your law firm or business from the very real, growing and expensive danger of cyber crime lays on hiring a cyber crime risk assessment professional to audit and assess your law firm's hardware and software. As a previous North Carolina lawyer who ran his own law firm, and who is a life time tech-geek and a lover of all cyber security developments, I am excellently suited to perform an audit and assess your law firm's hardware and software programs to detect, find and expose any vulnerabilities, eliminate those vulnerabilities, install the necessary safety programs to protect your hardware and/or software from being infected again by those same vulnerabilities, teach you and/or your staff professional safety practices developed to prevent cyber infections and attacks, offer you professional suggestions that are tailored and best suited for your specific field of practice or work, and provide you with a formal written report about your cyber risk assessment before and after completing my audit and the custom work performed.
My goal is to safe proof your current firm set up or, if necessary, to replace the weak links and put together a modern, efficient and secure set up that will accomplish two things: (1) help you properly protect your client's sensitive and confidential information, thus, removing you from the negligent zone; and (2) to provide you and your firm with the education, tactics, hardware and software programs necessary to protect your firm or business from becoming another victim of the increasingly sophisticated and successful cyber attacks that have been incredibly efficient at victimizing North Carolinian's and several law firm's over the past two years.
New Professional Service: Deep Web Reputation Investigation
In addition to the professional audit and assessment service that I offer to law firms and other businesses, I now also offer a deep-web reputation investigation. This is a retroactive cyber security scan whose purpose is to determine if your firm or business has previously been hacked and, if so, whether sensitive information was stolen and deposited in the deep web. It is a service that is worth it for lawyers and other regulated or licensed professionals that must abide with rules of conduct, mainly the duty to protect their client's information and confidentiality, among others. The process for the deep web reputation investigation, as well as the hardware, software and mechanics used in performing it are a bit complex and in-depth. So I will publish the process and details of it on a subsequent LinkedIn article. I will discuss the process and details of this new service on a future article post.
A Former North Carolina Lawyer Experienced in IT & Cyber Risk Assessments.
If you are interested in having me conduct a professional audit and assessment of the hardware and software used in your law firm, or business, then contact me. I believe that I am perfectly suited to do so. As a former North Carolina lawyer who is experienced in IT & cyber risk assessments, and who has been a tech-geek for decades, I understand the great importance of properly protecting your clients sensitive information and confidentiality. My understandings of what is needed to run a law firm, as well as my experience in running a law firm for half a decade, using different lawyer specific software, and practicing law in various legal fields allow me to provide your law firm with a more detailed audit and assessment due to my in-depth understanding of the profession. It also allows me to spot vulnerabilities that other cyber risk assessment professionals may overlook due to their inexperience and lack of understanding the many lawyer specific software that exist.
To Discuss Any Concerns You Have and To Set Up an Appointment Call Me at 336-508-8011 or e-mail me at al@dlcgconsulting.com
-Al Calle, J.D.