Digital evolution has brought a wide range of benefits to law firms. It is now commonplace to use video meetings to reduce travel time. Attorneys on different sides of the country can collaborate digitally. Evidence-gathering and even juror vetting have improved thanks to social media. However, not all changes related to digital technology are positive. Cybersecurity is all too often overlooked by small and even medium-sized law firms, despite the fact that there are numerous opportunities for improvement and change.
What is Phishing…
Phishing has become an art today. To be fair, businesses in every industry on the planet are at risk of falling victim to phishing attacks, but law firms are frequently targeted. In fact, one study found that almost 60% of the emails received by the average law firm were actually phishing attacks.
Not sure what a phishing email is? It’s actually simple – an attacker sends an email representing themselves as someone trusted by your firm, perhaps a paralegal you’ve worked with, a potential new client, or maybe even one of the partners.
The email is an attempt to gain access to information within the firm, either by asking for it outright, or attempting to trick the recipient into providing it in some other way. One of the ways is by clicking a link to a fake website where they log in using their credentials, which are logged during the process.
The story of Mossack Fonseca should be a cautionary tale for law firms all over the world. With 11 million client files leaked, the law firm quickly went from one of the most trusted and respected in the industry to not existing at all. That’s right – a 40-year history came to nothing because of that massive information leak. Of course, there were other sordid details that helped bring about the firm’s downfall – the principals are facing money laundering charges, for instance – but the information leak was the beginning of the end.
Symantec points out that malicious attacks are still on the rise, and there are new threats facing businesses in all industries. Some of the attacks can be formjacking, in addition to ransomware, phishing, and cryptojacking. Firm size is no defense, either. Small firms are just as likely to be targeted by attackers as large firms, and often lack the necessary safeguards to prevent major damage.
These are just a few of the areas law firms need to be aware of when it comes to cybersecurity within their own business.