Legal sector urged to make extra efforts with cybersecurity

Of all the non-banking sectors that have gone digital, the legal profession faces some of the most determined attacks.

That’s perhaps why the National Cyber Security Centre (NCSC), part of GCHQ, has issued a special report highlighting the risks faced by the legal profession.

The report was created with the help of the Law Society, Bar Council, the Solicitors Regulation Authority (SRA), Action Fraud and the National Crime Agency.

It seeks to outline the key threats the legal profession faces, and the mitigations for them, to help protect firms from nefarious actions.

According to the Solicitors Regulation Authority (SRA), in 2020, 75% of the solicitors’ firms it visited for a cyber security review had been the target of a cyber attack.

If you’re in the legal profession, you’re a prime target. Take action now to prevent your firm becoming one of these statistics.

Digital threats to the legal profession

As you can imagine, the average law firm has a lot of detailed information on clients, victims, complainants, plaintiffs and anyone they deal with.

Law firms also deal in large amounts of money. Whether it’s for property purchases, business transactions, compensation or something else, there’s usually plenty of cash in their accounts.

Any loss of data or interruption to their work can have far-reaching consequences for clients and the course of justice.

All that makes them prime targets for attack.

Whether that’s a High Street solicitor, barrister’s chambers or commercial law firm, all areas of the legal profession are at risk.

What are the risks to the legal profession?

The report from the NCSC highlights several risks the legal profession is particularly prone to.

They include:


Phishing

Scam emails or SMS messages purport to be legitimate in order to trick the recipient into downloading malware that will allow access to systems.

From there, the attacker has free rein over the law firm’s computer systems and data.

Mitigate by training staff on the risks and using an email platform with good security, including anti-spoofing controls. Securely store and encrypt data separately from email systems.

Business email compromise

Business email compromise is essentially the same as phishing but targets partners or high-level staff, using social engineering to trick them into revealing data.

This is a very sophisticated form of attack and is very difficult to detect unless the recipient is aware of the risks.

Mitigate by using a secure email platform, training staff at all levels to be aware of the risk, enforcing strong passwords and two-factor authentication for logins, and using a takedown service for emails from legitimate domains.


Ransomware

Ransomware is prevalent across industry, but law firms are frequently targeted by this and other malware.

Legal practices that cannot access their data are particularly vulnerable and therefore more likely to pay.

Mitigate by using antivirus and malware scanners, cloud systems with built-in security, backups (including one offsite or offline and one in the cloud), application filtering, firewalls and least privilege rules, and by designing a business recovery plan.

Password attacks

Password attacks are a collection of attacks that try to force logins to key systems. They include brute force attacks, dictionary attacks and others.

The idea is to access a login page for key systems and let a bot loose to try to force the password.

Mitigate by enforcing strong passwords, using two-factor authentication, training staff on password reuse and the need for strong passwords, and using good network security.

Supply chain attacks

Supply chain attacks are an increasingly common attack vector across industry. In a supply chain attack, attackers compromise your suppliers and gain access via any of your systems the supplier has access to.

Mitigate by enforcing supplier security, using robust network security for your own practice and limiting system access to suppliers.

Cybersecurity for law firms

It took many law firms long enough to leave paper behind and go digital in the first place. Now they are facing particular challenges protecting systems.

We have mentioned just some of the challenges and potential mitigations you can use to protect your law firm.


The NCSC report makes sobering reading but also offers practical advice to mitigate the risks.

Work with Cloud Heroes and we’ll also help protect your systems and your data. We have the systems, the processes and expertise to help keep you and your clients safe. Contact one of our team to discuss your needs!
