Security breaches are so prevalent that in an address at a major information security conference, former FBI director Robert Mueller said, “There are only two types of companies: those that have been hacked and those that will be.”
His observation remains true today, especially for law firms. Let’s see what makes law firms attractive cyberattack targets.
They hold high volumes of highly sensitive client data
Let’s start with the obvious reason. From employees’ personal information to clients’ financial data, law firms possess an enormous amount of confidential information. In 2018, the FBI reported that cybercriminals often view law firms as “one-stop shops” of information on multiple clients.
Because client relationships are built almost entirely on trust, cybercriminals know they can easily demand ransom from law firms in exchange for not publicly exposing sensitive and possibly damaging client information.
Cybercriminals can also easily buy, sell, and trade this data on dark web marketplaces. They can use it to steal someone’s identity for credit card fraud, take over accounts, and open fraudulent accounts.
They’re unprepared for a data breach
Due to limited budgets and lack of in-house expertise, smaller law firms usually fail to implement cybersecurity practices. For instance, in April 2016, New York real estate lawyer Patricia Doran was sued by two clients for using a vulnerable email account. The hackers read the attorney’s emails and impersonated her so her clients would wire them the $2 million deposit for a $20 million Manhattan apartment.
Moreover, lawyers aren’t trained in spotting phishing scams and are likely to fall for them. For example, in 2017, a Canadian law firm was duped into wiring a client’s money to a fraudulent account after receiving fake emails.
And lawyers aren’t the only problem. According to a report by industry experts, only 37% of law firms are vetting the cybersecurity and data management policies of their third-party service providers. As such, hackers can use vendors as entryways to infiltrate the systems of law firms.
Law firms need to prioritize cybersecurity
With the risk of client attrition, malpractice exposure, and disciplinary actions, law firms must take cybersecurity more seriously. They must require strong passwords strengthened by additional authentication methods, use disk encryption on their devices, implement effective anti-malware software, and conduct cybersecurity staff training.
If you want to go the extra mile, partner with a trusted managed IT services provider (MSP) like Netcom Solutions so you can have more advanced cybersecurity systems in place. Protect your client data 24/7/365 by calling Netcom Solutions now.