Attacks and Breaches

A former tech CEO once said, “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.”

Attacks are inevitable, and breaches are becoming more frequent. If we know what to look for we can reduce our risk and minimize any impact to the Firm and our clients.

Common types of cyberattacks include:

• Malware: The installation of malicious software on a computer that can steal login and usage information (spyware), lock up files for money (ransomware) or otherwise compromise the computer.
• Phishing: Cyber-attackers use malicious email messages that appear to originate from someone familiar or create a sense of urgency in an attempt to compromise the computer or steal data.
• Man-in-the-Middle Attack: Attackers may be able to insert themselves into communications between computers and listen in on the ‘conversation’.
• For example, if you use unsecure public WiFi, an attacker could lurk between your device and the network. As you pass your information through, the attacker can filter and steal the data as well as install malware to access your device again later.

Technology teams are constantly reviewing systems to protect organizations from malware and deploys thousands of patches each month to workstations, servers, applications, and other infrastructure. You can help protect your organization by:

• Knowing that you are a target.
• Taking care when browsing the web/reading email.
• Following security policies and promptly installing updates.
• Security policies describe behaviors and responsibilities identified by Firm leadership that all Firm staff and contractors must follow to more completely protect client data.
• Installing updates and rebooting may be inconvenient, but not as inconvenient as installing malware!