FEBRUARY 2026 | 57 THE OKLAHOMA BAR JOURNAL target fellow attorneys. Instead, they exploit the trust and credibility of that compromised account to reach out to everyone listed in the victim’s contacts, including colleagues, clients, vendors, family members and anyone else associated with the account. This broad approach dramatically increases the chances that someone will open a malicious attachment or click on a dangerous link, allowing the attackers to spread their reach even further. This isn’t just a tech issue. It’s a training and protocol problem. The most effective way to prevent these attacks from succeeding is to ensure everyone understands the risks and follows strict email procedures. Regular training helps people recognize suspicious messages and understand what steps to take when something feels off, whether the message comes from a stranger or from someone familiar. CYBERSECURITY IS A COMPETENCE ISSUE We’re used to thinking of competence as knowing the law. But these days, being competent means understanding and managing the risks that come with our everyday tech. Most firms have some security basics covered: spam filters, antivirus software, firewalls and maybe multifactor authentication. But tools alone aren’t enough. Human behavior is still the easiest way in for attackers. If your firm hasn’t recently taken a hard look at its cybersecurity protocols and training, now’s the time. Steps Every Firm Should Take Email handling policies. These policies are a critical line of defense against cyber threats. It’s not enough to simply avoid opening attachments from unfamiliar senders; staff should be cautious even with messages from trusted contacts, as compromised accounts can be used to distribute malicious content. Every team member should be trained to recognize warning signs, such as vague or out-of- character requests, and know exactly how to escalate or report suspicious emails. Having well- documented policies in place ensures everyone understands the steps to take when something seems off, reducing the risk of accidental exposure to phishing or malware. Verification procedures. They should become second nature in your firm’s workflow. Before acting on any request involving sensitive information, financial transactions or the sharing of confidential documents, team members must adopt a habit of double-checking the authenticity of the communication. This could mean confirming instructions with a quick phone call, using an alternate communication channel or following up directly with the sender. Making verification standard practice not only protects your firm but also reassures
RkJQdWJsaXNoZXIy OTk3MQ==