The term "attorney-client privilege," often heard in crime procedurals on TV, speaks of the level of confidentiality that exists in the legal sector. Due to the nature of their work protecting organizations and individuals, law firms receive and handle some of the most sensitive information in the world. Unfortunately, this makes them a prime target for hackers who want to infiltrate their networks and steal that information. The goal of these cybercriminals is usually to sell that data to interested parties or to restrict access to their targets’ own networks, which for law firms can be crippling.
An investigation revealed that since 2014, over 100 law firms have notified authorities of data breaches, and this number only encompasses 14 states. Major law firms, mid-size firms, solo practitioners, and even law schools were affected by these attacks, which goes to show that no one is safe from cyber crime. Given its scope, a good place to start mitigating the issue is by identifying the biggest risks. Here are the leading cybersecurity threats that law professionals should know:
According to Law.com’s report, phishing is the most common form of breach within the legal sector. This increasingly sophisticated technique usually involves sending e-mails or links to websites made to trick the recipient into submitting log-in credentials or sensitive information in response to a particular request. The e-mails and sites look legitimate and aim to establish trust between the sender and the recipient.
Phishing e-mails can cast a wide net and usually start with generic address lines (e.g., Dear ABC Firm Employee) or can be highly targeted (e.g., Dear Attorney Smith), depending on the goal of the attack. Within the legal community, this can mean getting lawyers to sign important documents or send classified information that can compromise their ongoing cases or their clients.
Spoofing is a technique involving third parties as primary targets. Using methods similar to phishing, hackers impersonate firms or their employees to get third parties, whose cybersecurity practices may not be as stringent, to reveal confidential data.
Snail mail scams
Because of the growing number of risks that plague the industry, one precaution that the American Bar Association endorsed is to avoid sending documents through unsecured networks. Instead of sending them online, many legal professionals opt for the old-fashioned yet effective method of sending paperwork through mail. However, an article on a new scamming technique involving snail mail indicates that it is just as vulnerable as digital forms of communication.
Scammers are intercepting letters sent in the post by making unauthorized changes to the recipient’s address or re-routing mail that lawyers send or receive. This can be especially stressful for client correspondence, but a common target is regular mail, like banking and financial bills. In this regard, a post on autopay and electronic banking highlights how going paperless will not only reduce paper waste but can also help boost cybersecurity. Provided that users take the necessary precautions like secure logins, e-mails containing professional information (like case files) as well as personal information (such as finance accounts) are much safer with a digital trace.
Software specifically designed to block or damage networks is called malware. Bugs, viruses, and spyware belong under this classification, but an even more sophisticated and threatening form of this is ransomware. As the name suggests, the malicious software encrypts a target’s files or entire networks and holds them for ransom. However, “paying the ransom” or doing what the malware demands does not guarantee that the hackers will put an end to the attack.
In 2017, the global firm DLA Piper was forced to go on lockdown, suffering significant losses, after a ransomware attack rendered their computers inaccessible. Attacks similar to this can mean losing current clients and cases, not to mention how they can damage reputations and deter prospective clients. So, it is definitely something that no lawyer wants on their resume.
Sensitive data leaks
In many cases, data breaches or insider leaks happen due to the lack of cybersecurity awareness among employees. In a previous write-up, we echoed FBI Supervisory Special Agent Elvis Chan’s sentiments that nobody is safe from hackers. This is especially true for businesses that handle sensitive data day in and day out, like law firms. The only way to make even the most advanced cybersecurity measures effective is to hold ongoing employee training.
An article written exclusively for Innovative Computing Systems, Inc. by Summer Westfield.