Lawyers Getting Hacked:
Most Popular Cyberattacks on Law Firms
From the time of their first email to the last signed document, law firms are under constant surveillance from cyber criminals. From phishing scams to ransomware and malicious websites, hackers know exactly where to strike to cause the most chaos. Rather than a once-in-a-blue-moon event, lawyers getting hacked is a commonplace occurrence for many firms. It’s almost as if there’s some hidden “Get Hacked” switch that nearly all law firms have within them.
If you’re reading this and thinking, “that won’t be me,” you’re wrong. It just hasn’t been you, yet.
We are excited to announce our e-book on Top Law Firm Hacks Throughout History, available to download for free. This e-book will cover some of the most popular law firm hacks throughout history, including some you may not have heard of before. We will also be providing some advice for avoiding common law firm pitfalls.
Below is a short glimpse into topics you can expect from our e-book.
Why are Law Firms an Attractive Target?
Due to the nature of their industry, law firms are becoming a more attractive target. Law firms and in-house legal teams gather a ton of sensitive information, such as tax returns, during their corporate legal and M&A (mergers & acquisitions) work, litigation, and other legal services. Businesses may suffer reputational and financial damages if they ever suffer a breach, especially if their data is compromised. According to a recent analysis from the security company CrowdStrike, average ransomware payouts are above $1 million.
Unfortunately, legal companies are usually more vulnerable compared to other business types. A report published in May 2020 by the security company BlueVoyant found that all law companies were the prime target of focused threat activity, and that 15% of a global sample that included thousands of law firms had networks that were already infiltrated.
Research released in October by the American Bar Association found that 36% of legal firms had previously experienced malware infections within their systems and that 29% of law firms had reported a security breach, with more than 1 in 5 admitting they weren’t sure if one had ever occurred.
Part of the problem could be that robust security measures are not being used.
Only 43% of respondents utilize file encryption, fewer than 40% use email encryption, two-factor authentication, and intrusion prevention, and fewer than 30% use full disk encryption and intrusion detection, according to the 2020 ABA Legal Technology Survey Report.
Law Firms as Critical Infrastructure
According to BlueVoyant’s report, the legal sector needs to be included on the list of 16 critical infrastructure sectors maintained by the U.S. government since it relies on networks and data that, if compromised, would jeopardize economic security or public safety. An analysis of cyber threats and vulnerabilities and information sharing with the Department of Homeland Security and other agencies would benefit law firms that handle and store government secrets.
However, legal firms may be hesitant to provide information about attacks out of concern that they would lose control of their sensitive data. Government agencies may begin to view law firms as an attack vector that requires protection as these attacks on the sector become more frequent, and information of relevance to other countries is compromised.
When it comes to ransomware attacks, there are a lot of factors that every firm should take into account. Along with employee training on appropriate security practices, cybersecurity steps like enabling two-factor authentication, backing up data, keeping software patched, and maintaining software updates are essential. In the case of a ransomware attack, businesses should have a plan in place that specifies what they will do, who will negotiate the ransom, and whether they would pay it. Additionally, it’s beneficial for businesses to hold their data in secure cloud repositories, and it’s essential to thoroughly assess providers who keep the data.
The Most Notable Law Firm Cyber Attacks
We’ve produced a list of the most significant cyber-attacks and cyber-threats targeting law firms to highlight the escalating danger and consequences.
- Mossack Fonseca & The Panama Papers
- JP Morgan Chase
- Oleras Phishing Campaign Against Law Firms
- UPMC Patients
- Moses Afonso Ryan Ltd.
Download our free e-book to read in detail about the top cyber-attacks on law firms.
Cybercriminals want access to a company’s data and intellectual property. Many of the most severe attacks directly involve the theft of private information to assist insider trading schemes or to commit theft and extortion of client information from legal firms.
Law firms are tempting targets for hackers. More often than not, law firms don’t take the necessary precautions to protect their data, making them an easy target for malicious attacks. Law firms must do everything they can to protect their data, starting with reviewing and updating their cybersecurity strategy. This includes everything from the hardware to the software they use within their network. Once they’ve identified the areas that are in need of improvement, they can implement new cybersecurity solutions to keep their data secure.
Download our free e-book today and learn about the risks as well as the most notable hacks in history! This e-book was created by a dedicated team of security experts with extensive experience working within the legal sector to provide some insight and tips to keep your company safe from cyber criminals.
Don’t forget to keep in touch with our blogs for more information and tips on law firms and cybersecurity.