Albatross Cloud Suites
- Turn Key Cloud Packages for Your Entire Enterprise
- Includes Fully Managed IT & Cloud Services
- Outstanding Value and Savings
Keeping things secure is at the forefront of most thoughts and actions by lawyers and law firms. The practice of law by nature encircles the handling of sensitive and protected data; Therefore, it is the responsibility of all legal professionals to protect the data they have and are provided to the best of their ability.
Taking precautionary measures, staying up to date on potential security threats, and enacting security plans and protocols within legal practices are responsible and essential measures that should be taken. With technology continuously changing and developing, and with the use of technology becoming more prevalent in law, there’s a greater chance of lawyers and their clients becoming victim to cybersecurity threats; One of these threats being that of phishing.
Phishing was reported to be the top threat in security by those in high-level positions in IT; And, in 2018 there were reported phishing attacks by 62% of businesses. Phishing has become a pretty substantial problem for businesses and in particular law firms. According to a recent Law.Com article, “...data security experts said phishing schemes are the most common threat to law firms right now.”
So, what is phishing exactly? And, why is it such a considerable threat to law firms? Below, we’ll take a closer look at what phishing emails are, how they impact the legal industry, and how they can be recognized.
As Cisco Systems explains, ”Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine.”
Essentially, phishing can be conducted through smartphones, computers, tablets - any smart device that offers a means of communication, such as email or texting. The hacker will send a message to the victim, pretending to be someone else or a trusted company, and then proceeds to request private and confidential information from the victim that can then be used in fraudulent attempts. Sometimes, links clicked on in phishing emails can also download malware or viruses.
According to an ABA report on cybersecurity in 2018, law firms are often viewed as “one-stop shops,” according to the FBI; This is because law firms not only hold large amounts of private data, but the data is on many different clients. In the ABA’s 2018 Legal Technology Survey Report, the number of reported cybersecurity breaches is staggering:
During a 2018 Futures Conference, speakers reported that law firms experience a particular weakness when it comes to emails due to phishing encompassing one of the more common cybersecurity threats experienced within the legal industry.
One example of a substantial security breach caused by phishing occurred in 2017 with the Jenner and Block law firm. During this incident, hundreds of employees, both former and current, had their tax forms exposed. This was a direct result of employees transmitting their information due to a fake request appearing to be from law firm management.
In this case, knowledge of and familiarity with the different types of phishing attacks possible can make all the difference. To begin, there are five different phishing categories:
Within the five main categories, there are 14 different types of phishing attempts commonly seen:
While phishing attempts are often cleverly disguised, certain key giveaways can help potential victims recognize them. Here are a few:
In a FindLaw article discussing the vulnerability of law firms to phishing attacks, a 250ok study on emails showed that 62% of law firms aren’t doing enough to protect their firm's email communication. Furthermore, according to the 250ok report, an astonishing 91% of cyberattacks are a result of phishing attacks. So, what can lawyers and law firms do to change these numbers? Here are some tips:
If a phishing attack is known or suspected and resulted in data loss or theft, lawyers and law firms must act quickly. In fact, they are obligated to do so both morally and legally. When the discovery of a phishing attack is made, lawyers are expected to act quickly and investigate thoroughly. All clients and parties involved should be notified immediately of the breach, and be provided with information on steps being taken to repair the issue. Once repairs have been conducted following the attack, lawyers and law firms are then encouraged to revise firm security plans and consider hiring IT services to help prevent a similar attack from happening again.
When it comes to phishing attacks, staying informed, cautious, and taking evasive and defensive actions are vital to protect law firms and their clients. As law firms continue to ease their way further into technology use, hopefully, the numbers indicative of data breaches will go down as better security practices and precautions are taken.
Let's face it, downtime, hiccups and technical challenges are unavoidable in every business and they can be frustrating and downright costly.