Why are law firms a prime target for cyberattacks?
How safe is your firm from new cyberattacks?
Law firms are prime targets because that’s where the money is. Bank robbers rob banks and cybercriminals rob any companies holding sensitive data and money. Sensitive data creates the opportunity for hackers to convert data into money.
Remember that to hackers, law firms are banks because they hold sensitive data, including bank details belonging to high net earners. Hackers will be particularly interested in client accounts that facilitate access to retainer fees and other payments made by clients, potentially high net earners. Once a hacker accesses data such as account numbers and access information, scooping up funds from client accounts is the easy part.
Another way hackers can earn money is via ransomware. Cybercriminals can, for instance, hold a lawyer’s or paralegal’s computer hostage by installing malware. The computer, together with its data, becomes inaccessible until the ransom is paid.
How do hackers succeed?
The answer is quite simple: Cybersecurity breaches. Hackers know how profitable cybercrime is. Imagine your firm’s client account highjacked and emptied because your network security software isn’t up to date or because one of your staff used an open network.
Cybercrime is growing at a fast rate, but prosecutions have fallen. The legal industry is a prime target and statistics are alarming. In July 2018 the Law Society reported:
“More than £11 million of client money was stolen by cybercriminals between 2016-17 and 60% of law firms reported suffering from an information security incident in 2017 – an increase of almost 20% on the previous year.”
A survey conducted in 2018 by Rishi Vaidya, University of Portsmouth, UK, features startling statistics on the impact of cybercrime in the world of business. The survey states that “over four in 10 businesses (43%) and two in 10 charities (19%) experienced a cybersecurity breach or attack.”
Apart from the initial shock and panic, after a data breach, a law firm will begin disaster recovery, which means loss of time, revenue, severe work delays and a damaged reputation. Cybersecurity and staff education are firmly intertwined. One cannot function without the other.
Cybersecurity prevention – education and compliance
You’ll likely be surprised to know that some of the worst offenders of cybersecurity breaches are CEOs. Staff are right behind, and hackers are fully aware that companies often fall short of compliance relating to cybersecurity. Mobile phones and tablets are high on a hacker’s agenda but disappointingly low on a CEO’s agenda. Law firms need to prioritize the following:
- Gap analysis to fully understand their cyberinfrastructure and identify any weak links in the system.
- Vulnerability assessments, again looking for holes that could allow intruders into the network.
- An effective IT system, which should include up-to-date patches and a proactive approach.
- Security monitoring to detect and respond to threats immediately.
- Education, education, education for all employees, from the receptionist to the CEO.
Without education, all of the above may prove ineffective. According to the Information Commissioner’s Office, 88% of UK data breaches are caused by human error and not by cyberattacks. You can install the most sophisticated software to protect your company system but remember that data security policies and education are paramount.
Learn more about LDM Global’s cybersecurity services here.