Client Data: Is Your Law Firm the Weakest Point in the Cyber Security Chain?

During 2016, 73 out of 100 top UK law firms were targeted by hackers. Meanwhile, many smaller firms mistakenly believe they are too small or niche to attract the interest of cybercriminals. As a law firm, the information you store and process is highly valuable. By aggressively targeting law firms, hackers seek to steal sensitive information, such as commercial secrets, intellectual property, personal information, mergers and acquisitions, and market strategies. This is why you are and will continue to be the target of cyber-attacks.

Unfortunately, several high-profile breaches indicate that the legal sector has a cyber-security problem. This is something cybercriminals are acutely aware of and seek to exploit. The issue is global, affecting firms all over the world. The revelation of the Panama Papers, for instance, was the result of a single cyberattack against Mossack Fonseca, a small Panamanian law firm. It is the largest data breach in history.

Third Party Attacks

Hackers view law firms as a potential weak point in the cyber security chain. Law firms are in a privileged position of having high levels of access within organisations, meaning a successful attack on a law firm could significantly impact other organisations and businesses.

Cybercriminals are increasingly seeking alternative ways to access large organisations. Since legal services are crucial to most industries, law firms are an ideal route into bigger targets, making them ideal for a third-party attack. By targeting smaller organisations involved in delivering third-party services, hackers seek to by-pass the larger organisation’s digital security.

If your firm does prove to be a weak point, there is no doubt the reputational damage will harm your firm and potentially jeopardise the business activities of your clients. Since trust is the currency of the legal sector, your firm could face an exodus of clients, from which it might not be able to recover.

Financial Fraud

It is not just client data that attracts cybercriminals. Hackers are also targeting law firms in order to commit financial fraud. Over an 18-month period, £85million is reported to have been stolen from British law firms. Proof that hackers are harnessing techniques that are specific to the legal sector, many have learned that law firms often transfer funds on Fridays, when housing deals are most likely to complete. Using social engineering techniques, hackers are successfully making law firms the victims of theft.

There are numerous reported cases in the media of the emails of law firms being hacked and intercepted. When successful, the firm’s clients are tricked into transferring funds to hackers’ accounts, thinking it belongs to their solicitor. Many individuals have lost life-changing sums of money as a result of these scams. This is further eroding trust between the legal sector and its clients.

Legal organisations need to address their cyber security weaknesses with the same ferocity as the cybercriminals targeting them. Strong cyber defences and ongoing, practical cyber awareness training for all staff must be a priority for all firms, or else the threat will continue to exceed the sector’s cyber resilience.

 Contact Digital Pathways for advice and support with protecting your law firm from digital security threats. Call us on 0844 586 0040 or email intouch@digitalpathways.co.uk