Tech+ Blog: Bay Area IT Security & Consulting News

Cyber Security for Law Firms

Sep 24, 2018

And...3 Things Law Firms Can Do to Protect Themselves



With the threat of cyber attacks constantly increasing, it is more important than ever for law firms to ensure they’re properly safeguarding sensitive client data. Although malware attacks and data breaches span all industries, law practices both big and small are especially targeted.


Why are law firms a target for malicious cyber-attacks?

business-close-up-color-315918Valuable Data
  • Most cyber-attacks are performed with financial gain in mind. It could be from ransomware extorting a firm’s data by hacking into a firm’s network to access sensitive data such as intellectual property, financial documents, and confidential client files and selling the data on the digital black market. In fact, according to Kaspersky security labs, only 20% of firms who paid the ransom demanded by ransomware attackers were actually able to retrieve their data. Law practices of all sizes have sensitive data that attackers see value in.


      • Moneybanknotes-bills-cash-164652


    Many cyber criminals treat ransomware attacks like traditional extortion by locking files down and holding access to them for a ransom payment. However, attackers are getting more creative. One particularly sophisticated case involved a medium sized Los Angeles based firm where they were working on a case dealing with a golf course who denied employees overtime pay. The settlement amount of $600,000, $500,000 of which was to be paid to the settlement administration firm. The L.A firm sent the $500,000 payment to a party whom they believed was the settlement administrator. On the other end, the settlement administration firm was receiving emails from the law practice that the payment would be delayed. Cyber criminals were posing as both parties to cause confusion and in the meantime they were able to scam the paying firm into transferring the large sum of money to an offshore account. This is the unfortunate future of cybercrime.  


    • Ill preparedness


    Most cyber-criminals know that many law firms are not prepared for an attack, either due to outdated security practices or lack of attention and emphasis on I.T infrastructure, the sad fact is that there are many firms out there with lackluster security in place and criminals know they can exploit that. In fact, in a 2017 survey of 200 U.S law firms, 95% of them admitted to not following their own cyber security policies.


    What can be done to prepare?


    • 1. Antivirus

    Antivirus is a standard for any computer accessing the internet, however it’s best for a law firm to team to up with I.T consultants to research and test the best possible antivirus solution. Major metropolitan areas such as San Francisco and Oakland are especially targeted due to the high concentration of law offices and high profile clients and cases.


    • 2. Cyber-Security Policies


    Establishing solid cyber-security policies, backup and restore procedures, and incident response plans are imperative to a creating a solid foundation which can be built upon with training, education, and auditing.


    • 3. Consult with Cyber Security Experts

    While having a full-time I.T team isn’t possible for many small and medium sized firms, it’s still wise to have a trusted cyber security partner assist in creating, implementing, and updating a solid cyber-security foundation.


    With the dynamic cyber-security landscape constantly changing, it's wise for law firms to remain vigilant and team up with experts to stay on top of things and keep their data as secure as possible.