Law firm computers can be hacked even if they utilize dual factor by way of phishing emails. Often such phishing emails can be detected because, although they to be sent by an email address that looks legitimate, if you carefully review it, you will find that the return email address is incorrect. If you do not notice the incorrect email address and proceed to read the phishing email, you may be asked to click on a link. When you click on the link, malware is launched onto your computer capturing your email address, password and session cookie, which will allow the hacker to later access your account directly and bypass any dual factor authentication portion of the sign-in process. To avoid being hacked in this manner, 1. do not click on a link or an attachment from someone you don't know (and be careful even when it looks like it is from someone you know, as it could be from an email address that is not exactly the same). 2. before clicking on a link or an attachment you were not expecting to receive, even if you know the sender, call the sender first to confirm that person (rather than a hacker) sent you the email. 3. if you click on a link or an attachment and either a zip file or dialog box is presented which asks you to supply additional information or a password, enable a later software version, or open the zip file, stop immediately and close out. If your firm has an IT department, contact it to have a scan run on your computer.