Innovative Insights

Biggest Cybersecurity Risks for the Legal Sector

Posted by Summer Westfield | March 3, 2020 2:40 PM

The term "attorney-client privilege," often heard in crime procedurals on TV, speaks of the level of confidentiality that exists in the legal sector. Due to the nature of their work protecting organizations and individuals, law firms receive and handle some of the most sensitive information in the world. Unfortunately, this makes them a prime target for hackers who want to infiltrate their networks and steal that information. The goal of these cybercriminals is usually to sell that data to interested parties or to restrict access to their targets’ own networks, which for law firms can be crippling.

An investigation revealed that, since 2014, over 100 law firms have notified authorities of data breaches, and this number only encompasses 14 states. Major law firms, mid-size firms, solo practitioners, and even law schools were affected by these attacks, which goes to show that no one is safe from cyber crime. Given its scope, a good place to start mitigating the issue is by identifying the biggest risks. Here are the leading cybersecurity threats that law professionals should know:

Phishing techniques


According to Law.com’s report, phishing is the most common form of breach within the legal sector. This increasingly sophisticated technique usually involves sending e-mails or links to websites made to trick the recipient into submitting log-in credentials or sensitive information in response to a particular request. The e-mails and sites look legitimate and aim to establish trust between the sender and the recipient.

Phishing e-mails can cast a wide net, usually starting with generic address lines (e.g., Dear ABC Firm Employee), or can be highly targeted (e.g., Dear Attorney Smith), depending on the goal of the attack. Within the legal community, this can mean getting lawyers to sign important documents or send classified information that can compromise their ongoing cases or their clients.

Spoofing

Spoofing is a technique involving third parties as primary targets. Using methods similar to phishing, hackers impersonate firms or their employees to get third parties, whose cybersecurity practices may not be as stringent, to reveal confidential data.

Snail mail scams

Because of the growing number of risks that plague the industry, one precaution that the American Bar Association endorsed is to avoid sending documents through unsecured networks. Instead of sending them online, many legal professionals opt for the old-fashioned yet effective method of sending paperwork through mail. However, an article on a new scamming technique involving snail mail indicates that it is just as vulnerable as digital forms of communication.

Scammers are intercepting letters sent in the post by making unauthorized changes to the recipient’s address or re-routing mail that lawyers send or receive. This can be especially stressful for client correspondence, but a common target is regular mail, like banking and financial bills. In this regard, a post on autopay and electronic banking highlights how going paperless will not only reduce paper waste but can also help with boosting cybersecurity. Provided that users take the necessary precautions like secure logins, e-mails containing professional information (like case files) as well as personal information (such as finance accounts) are much safer with a digital trace.

Malware attacks

Software specifically designed to block or damage networks is called malware. Bugs, viruses, and spyware belong under this classification, but an even more sophisticated, and threatening, form of this is ransomware. As the name suggests, the malicious software encrypts a target’s files or entire networks and holds them for ransom. However, “paying the ransom” or doing what the malware demands does not guarantee that the hackers will put an end to the attack.

In 2017, the global firm DLA Piper was forced to go on lockdown, suffering significant losses, after a ransomware attack rendered their computers inaccessible. Attacks similar to this can mean losing current clients and cases, not to mention how they can damage reputations and deter prospective clients. So, it is definitely something that no lawyer wants on their resume.

Sensitive data leaks

In many cases, data breaches or insider leaks happen due to the lack of cybersecurity awareness among employees. In a previous write-up, we echoed FBI Supervisory Special Agent Elvis Chan’s sentiments that nobody is safe from hackers. This is especially true for businesses that handle sensitive data day in and day out, like law firms. The only way to make even the most advanced cybersecurity measures effective is to hold ongoing employee training.

 

 

An article written exclusively for Innovative Computing Systems, Inc. by Summer Westfield.

Image credit: Unsplash

 

Topics: cybersecurity

Copyright © 1989–2021. Innovative Computing Systems, Inc.