Here’s where the IT department and the rest of the estate planning and Elder Law firm can get into what we like to call “spirited debates.” You realize that you haven’t gotten a response to your emails from a really important client for a week. You ask your paralegal if she’s heard from Mrs. Jones. No, she has not. Then it hits you: Mrs. Jones and a week’s worth of her emails are sitting in the firm’s blocked email senders file. You can almost feel your blood pressure rising, can’t you?
We know you want to say “Let everything in so that this doesn’t happen again.” But that’s dangerous.
Protecting your law firm against email spammers requires a delicate balance between providing the level of protection necessary against spam email and making sure that you get the emails that you need to serve your clients. A legitimate email getting blocked should not happen often, but it does happen.
“Phishing” is still around because it still works. Phishing is the use of spam emails that seem to come from a legitimate company, even one that you do business with, but the goal is to get you to provide a credit card number, PIN number or other bit of information that will let the hacker gain access to accounts. It’s easy to cut and paste company logos, and thieves are really good about presentation, so many smart people fall prey to phishing. Key signs to look for: misspellings are common, the address that the email comes from is often a weird version of the bank or other company’s address (e.g., @uspasears.biz, rather than @sears.com) and the request is urgent.
Ransomware attacks are becoming more prevalent. Ransomware is an attack on your system that demands payment, usually in digital currency, with the threat that otherwise your entire system will be destroyed or published. In some instances, paying the ransom does not help and your data will be deleted anyway. Often access is gained through a phishing email that seems innocuous. But ransomware can also come from clicking on links on social media sites like Facebook, Twitter, and even instant message chats, including Skype.
Make checking spam filters or blocked emails a daily task. A trusted employee, one with common sense and some digital savvy, should be trained by your IT department on how to review these emails for two purposes: making sure you don’t miss any legitimate emails and allowing the IT department to be more familiar with the emails that need to be allowed.
“White list” important domains and emails. White listing in advance will ensure that emails from these domains and senders will not get caught in spam filters.
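A sketch of the daily review described above, as an added example that is not from the original article: it sorts quarantined sender addresses into those on the white list, lookalikes of a white-listed domain (the @uspasears.biz pattern), and everything else for manual review. The allow list, sample addresses and function names are constructed for illustration.

```python
import difflib
from email.utils import parseaddr

# Constructed allow list (assumption): what the firm white-listed in advance.
ALLOW_DOMAINS = {"sears.com", "examplebank.com"}
ALLOW_SENDERS = {"mrs.jones@example.net"}

def is_allowed(addr, domain):
    """Exact sender or exact domain (or a true subdomain), never a substring."""
    if addr in ALLOW_SENDERS:
        return True
    return any(domain == d or domain.endswith("." + d) for d in ALLOW_DOMAINS)

def looks_like_trusted(domain):
    """True if any label of the domain embeds or nearly matches a trusted name."""
    labels = domain.split(".")
    for trusted in ALLOW_DOMAINS:
        name = trusted.split(".")[0]          # "sears" from "sears.com"
        if len(name) < 4:                     # very short names match too much
            continue
        for label in labels:
            close = difflib.SequenceMatcher(None, name, label).ratio() >= 0.8
            if name in label or close:
                return True
    return False

def triage(from_header):
    """Return 'release', 'lookalike' or 'review' for one quarantined sender."""
    addr = parseaddr(from_header)[1].strip().lower()
    domain = addr.rsplit("@", 1)[-1]
    if is_allowed(addr, domain):
        return "release"
    if looks_like_trusted(domain):
        return "lookalike"                    # escalate to IT, do not release
    return "review"                           # a person decides

if __name__ == "__main__":
    quarantine = [                            # constructed sample senders
        '"Mrs. Jones" <Mrs.Jones@example.net>',
        "billing@uspasears.biz",
        "alerts@sears.com",
        "info@examp1ebank.com",
        "newsletter@gardenclub.org",
    ]
    for sender in quarantine:
        print(f"{triage(sender):10} {sender}")
```

The sender address on an email can be forged, so "release" here only means the address matches the white list; it does not prove who sent the message.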