Having a secure site isn’t negotiable anymore for law firms. Attackers are targeting large and small firms alike. According to a survey of 200 law firms, 40 percent of them were not aware of a cybersecurity breach in their system.
Logic Force also found that almost 80 percent of law firms do not have cybersecurity insurance policies. This lax security is a paradox: Cisco’s 2015 Annual Security Report said that law firms are the seventh most important target of cybercriminals.
How do you keep your site secure? Read on to find answers.
Law Firms Are Prime Cyber Attack Targets
Law firms hold their client identity data, company trade secrets, and other information. That’s why cybercriminals target them.
Bloomberg says 80 of the top 100 law firms in the U.S., based on revenue, have been hacked. The American Bar Association (ABA) says that attackers have breached 15 percent of the most prominent firms in the U.S.
Big law firms have suffered many cyber attacks. For example, there’s the case of the ransomware attacks on DLA Piper, a multinational law firm with a presence in the U.S. and Australia, and many other cases across the globe.
Law Firm Website Vulnerabilities
Law firms have unique vulnerabilities. The head of the FBI’s Cyber division, Bradford Bleier, stated that cyber attackers see law firms as a treasure trove for obtaining private and financial information.
Clients entrust control and protection of essential documents to law firms every day. Business ideologies, intellectual properties, mergers and acquisitions, and investment papers are common documents law firms handle.
Robust databases that law firms hold are attractive to cybercriminals. Conventional sources of vulnerabilities on law firm sites include:
- Neglecting Software Updates
- Using Unsecured Mobile Devices to Access Sensitive Files
- Opening Phishing Emails
Law firms depend on their sites to generate cases, but Google would rank only a secure site. Website security is a crucial component of search engine optimization. SEO for lawyers by Qamar Zaman is a solution tailored to the needs of legal professionals and law firms.
Let’s take a closer look at each of the three vulnerabilities we mentioned above.
Neglecting Software Updates
Law firms must keep their software up to date or risk a cyber breach. The Panama Papers breach at Mossack Fonseca is a quick example. The firm left three of its systems vulnerable, including its main website software, its private client portal, and email software.
Mossack Fonseca didn’t update some of its systems for up to six years before the breach! Hackers found and preyed on these vulnerabilities to tarnish the reputation of the law firm and frustrate their clients.
The Mossack Fonseca hack resulted in an unprecedented release of documents:
- 1.1 million image files
- 3 million database files
- 320,166 text files
- 4.8 million emails
- 2.1 million PDFs
- 2,242 other files
All documents released came to a total of 11.5 million.
Using Unsecured Mobile Devices to Access Sensitive Files
Accessing files and documents from unsecured and unencrypted devices is potentially dangerous. A study showed that 91 percent of attorneys access documents using their mobile devices. However, most law firms are not able to manage who obtains what information.
To control access and ensure a secure site, firms could adopt a procedure requiring that their data be viewed only on approved devices. A secured access system helps your firm reduce the chances of cybercriminals taking advantage of porous access points.
Virtual Private Networks (VPNs) can add another layer of security to your firm. Demand that employees and attorneys in your firm use VPNs to access data when not using your office network connection.
Opening Phishing Emails
One of the subtlest and smartest cyberattacks used by hackers is phishing emails. On March 31, 2016, cybercriminals launched a sophisticated phishing email attack on one of the largest law firms in the U.S., Proskauer Rose.
In the Proskauer Rose case, attackers sent emails that masqueraded as a company executive’s request for employees’ W-2s. Authorities only found out about the attack after employees started reporting fraudulent tax returns filed in their names!
Phishing scams like the Proskauer Rose experience are used across the U.S. to steal sensitive information from law firms.
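The following is an added example, not part of the original article: a mail-filter check for the pattern described above, where a message carries an executive's display name, comes from outside the firm, and asks for W-2 or payroll data. The firm domain, executive names, and sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FIRM_DOMAIN = "examplefirm.test"        # assumption: the firm's own mail domain
EXECUTIVES = {"jane doe", "john roe"}   # assumption: names an attacker might impersonate
PAYROLL_TERMS = re.compile(r"\bw-?2s?\b|\bpayroll\b|\btax forms?\b", re.I)
PAYROLL_SIGNAL = "asks for W-2 or payroll data"

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def w2_phish_signals(raw_message):
    """List the impersonation signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if display in EXECUTIVES and from_dom != FIRM_DOMAIN:
        signals.append("executive display name on external sender")
    if reply_dom and reply_dom != from_dom:
        signals.append("Reply-To domain differs from From domain")
    if PAYROLL_TERMS.search(f"{msg.get('Subject', '')}\n{body}"):
        signals.append(PAYROLL_SIGNAL)
    return signals

def should_quarantine(raw_message):
    """Payroll wording alone is normal HR mail; require an identity mismatch too."""
    signals = w2_phish_signals(raw_message)
    return PAYROLL_SIGNAL in signals and len(signals) >= 2

# Constructed samples: a look-alike domain ("rn" for "m") and a genuine HR notice.
SPOOFED = (
    "From: Jane Doe <jane.doe@examplefirrn.test>\n"
    "Reply-To: jd-office@mailbox.test\n"
    "Subject: W-2s needed today\n\n"
    "Please send me the W-2 forms for all staff as a PDF.\n"
)
LEGIT = (
    "From: Jane Doe <jane.doe@examplefirm.test>\n"
    "Subject: W-2 distribution schedule\n\n"
    "W-2s will be available in the HR portal on Friday.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, should_quarantine(raw), w2_phish_signals(raw))
```

Display-name and Reply-To checks complement, rather than replace, SPF, DKIM and DMARC enforcement at the mail gateway.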
Best Practices for a Secure Site
Following the massive attacks on law firms, the American Bar Association has published a document to help law firms mitigate cyber attacks. The ABA publication gives guidelines for walling off and managing cyber attacks.
About 43 percent of small and single-practice law outfits report security breaches. That number goes to 52 percent for firms with 10 to 49 attorneys.
The ABA publication is a good start for protecting your firm against cyber attacks. However, we’ve outlined common best practices you can use to ensure a secure site for your law firm.
Hire Security Experts
Hire an external security expert to assist your firm in finding vulnerable entry points such as printers and other internet-connected office machines, routers, servers, and web applications. The experts would also help develop and execute your protection plan.
Most security operators work on specific security cases, so you’ll need more than one security partner to secure your firm’s site thoroughly. You want to check your firm on an ongoing basis to ensure maximum security, so this isn’t a one-off event.
Develop a Firm-Wide Data Security Plan
The security plan must involve and engage everyone in your firm. The program should educate your employees on spotting potential threats, like phishing attacks, designed to fool them into compromising the firm’s network.
Adopt and enforce a policy that limits user access to sensitive firm databases. Your firm’s security strategy should also require authorized persons to change their credentials periodically.
Employees should use different passwords to access various systems and also keep all sensitive information away from the cloud.
Keep Your Software Updated
This option may seem obvious, but it’s tricky. Attackers don’t focus on the popular software that you’d keep updated. They look for loopholes.
In fact, 78 percent of attacks come from your out-of-date Adobe Acrobat Reader and Java!
Although Adobe Acrobat once held the lead, Java has since surpassed it. Windows isn’t even on the top 10 entry points of hackers, as it accounts for less than three percent of attacks.
Wrapping It Up
Firms without a secure site have suffered losses in millions of dollars, reputation, and clients. Fortunately, the ABA and other organizations that support the legal practice have provided best practices to help navigate the sea of cyber attacks on law firms.
SiteUptime helps you monitor downtime on your website. Find out how SiteUptime can help you ensure a secure site.