Since law firms handle sensitive client information and may have international reaches depending on the size of their staff, these entities are hot targets for hackers. While there are various kinds of hacks possible, they all have drastic impacts on business operations. Here are the biggest threats law firms currently face in their cybersecurity.
1. Phishing/Hacked Email Accounts
Lawyers typically use email accounts throughout their workdays and may also depend on online tools like Dropbox or DocuSign that users connect their emails to for login purposes. However, cybercriminals are getting increasingly creative about using phishing techniques to hack email accounts used by law firm personnel.
In one instance, the Texas Lawyers’ Insurance Exchange received a request to log into a document-storage service and view a file. When they called a phone number operated by the hackers, the person on the other end of the line insisted it was necessary for the firm to look at the document, which was a phishing scam. There are other cases where hackers use graphics and color schemes to impersonate sign-in screens.
Another recent incident targeted clients of a law firm in Colorado. The victims received a phony PDF file that appeared to come from the law firm. When they clicked on the document, they were redirected to a phishing website.
One of the first things to do after such attacks is to change the passwords associated with email addresses and online tools that connect to email accounts. Applying two-factor authentication to the email account is also wise.
If it’s likely clients’ information was compromised, law firms must decide when and how to inform them.
A ransomware attack happens when hackers lock down files and make their targets pay to get them back.
In June 2017, the DLA Piper law firm got hit by what initially appeared to be a ransomware attack. Later suspicions indicated it might have involved “wiper-ware,” which deletes files, but a statement from the firm seemed to negate that possibility.
DLA Piper had to shut down its digital operations around the world while dealing with the hack, including resorting to communicating with people at its law firms by text messages. Staff members received warnings not to turn on their computers. The organization contends it controlled the spread of the problem and worked with law enforcement officials.
If an organization receives threats about files getting deleted if hackers don’t receive money soon enough, they should avoid paying the ransom and speak to file recovery experts first.
3. Leaks of Sensitive Data
If law firms don’t have strong information security policies, they could be at a higher-than-average risk for hacks that make the confidential information public.
For example, in March 2018, news broke of Duncan Lewis, a firm serving England and Wales, being hacked and having their clients’ and employees’ data broadcast on Twitter via a folder. After the fact, the firm started working with authorities and warned people not to open relevant links on any Twitter feeds. For instances like these and others, artificial intelligence (AI) software may help spot suspicious network characteristics that suggest a possible hack.
Bill Gates called AI his Holy Grail technology, and analysts think AI could be a significant source of assistance for firms struggling to reduce their cybersecurity risks. They might use it to pinpoint user behaviors that might make hacks especially likely to happen or find network weaknesses and fix them.
Outside of cybersecurity, there are promising ways to use AI to automate tedious legal tasks, such as document tagging. If firms are already open to using AI in that way, they should explore how it can keep their assets more secure, as well.
4. The Risk of Legal Malpractice Allegations Due to Poor Cybersecurity
Law firms must keep files secure, whether stored on-site or in the cloud. But things get tricky if clients aren’t happy with the file security measures legal practices take. Current and former clients made a class-action lawsuit against Johnson & Bell, a firm that handles cases in Illinois and Indiana, for legal malpractice.
Although the firm didn’t experience a hack, a client, Coinabul, LLC, alleged that the establishment had numerous vulnerabilities in its online framework and therefore needed to make cybersecurity more of a priority. Data from the 2017 ABA Legal Technology Survey found 22% of law firms got hacked or experienced data breaches in 2017.
That percentage is climbing compared to previous years, indicating that regardless of whether representatives of a firm believe it, the organization could be at risk of a hack that could threaten their files, data, and reputations.
The Threats Could Evolve
These are four relatively recent cyber challenges faced by law firms. However, as criminals become more creative and cunning, the opportunities for exploitation could grow.