In today’s elite world of ever-evolving cyber attackers, law firms need to be armed and ready. Nearly a quarter (22%) of participants in the 2017 ABA Legal Technology Survey said their firms had experienced a data breach that year alone.
That’s because these law offices house mines of intellectual property, including sensitive information regarding business deals, taxes and more.
Law firms are prime targets for greedy attackers, especially smaller businesses, who often lack the security measures of larger firms as they:
Possess access to valuable, confidential client data, which can be used to scam and frame individuals
Have money, often demanded by hackers in return for the access of their files
Are often not prepared for an attack, lacking the policies, procedures and knowledge needed to protect their assets
These cyber attacks have closed exposed firms, many of which couldn’t recover from the financial or reputational implications of the breach.
It is your duty to defend your clients every day, but how are you defending your firm from trouble? Here’s five ways law firms in particular are targeted by cyber threats:
1. Phishing Emails
A phishing email is a message from a cyber attacker, often impersonating someone you trust. This email might look like it’s coming from someone within your law firm, or a client, but it’s not! It can contain infected links or files which, once opened, inject your computer with dangerous malware, like viruses, Trojans, ransomware or spyware.
Phishing emails come in all shapes and sizes, like fake invoices, data requests and other sly forms. Be cautious of opening any emailed attachments, look closely at the email address the message is coming from and watch out for shortened website links. One report by Fortinet actually found that malware attacks have rose by 4% in 2018 alone. Here’s some helpful tips for avoiding common phishing scams.
2. Open Ports
Are you giving cyber criminals access to your backdoor without even realizing it? Savvy hackers scan the internet for systems with open ports. What’s an open port? It’s a lot of technical talk, but if you are unknowingly exposing your Remote Desktop Protocol (RDP), virtual network computing (VNC) or other remote administration services for all eyes to see, your servers can be hijacked!
3. HTTP:// Sites
Next time you’re on a website, look at the beginning of the URL. Does it say “http://” or “https://” at the beginning of the domain? The “s” in that URL stands for “secure,” and it means that site will encrypt any data you submit on it.
If you’re browsing the web on your lunch break and decide to buy something on a non-secure site, you might accidentally click a link that gives hackers access to your computer. Cyber criminals can follow your keystrokes silently in the background, until they get your work passwords. Once they have what they need, they can execute a full-on data breach.
One of the best ways to stop your law firm from falling victim to a cyber attack is to block access to unsecure websites across all browsers, including Firefox, Chrome or any browser your employees can access. Read more about some extensions for doing this and tips from Google about securing your own website here.
4. Poorly Optimized Passwords
We hear about the importance of creating strong passwords all the time, but law firm’s need to be especially mindful of this cybersecurity measure. Have you asked your employees to test their password strength? Technology today is incredibly advanced, with password-guessing programs easily cracking short or easy-to-guess passwords in a matter of minutes.
For example, if one of your employees chooses a simple five-character password, a sophisticated cracking software might be able to pin it in seconds. Your law firm can benefit from an elite multi-factor authentication system to keep your company and clients’ data secure.
5. Printers & Scanners
Consider all the documents you’ve scanned or printed in the past six months. What about the past year? Just like your computer is capable of storing private data and documents, your printers and scanners have internal hard drives too.
If your devices are connected to the internet— which many web-enabled laser printers are— you are at risk. Sneaky hackers can reroute current print jobs to their own printer, or stored documents can be be accessed remotely. Learn more about protecting your printers and scanners to ensure your confidential information remains private.
Taking Steps Towards Better Protection
There’s a number of ways you can vamp up your security to protect your law firm— and there’s no better time than now to get started.
First off, you must invest in educating your employees on the dangers of cyber threats. LOGICFORCE’s Cybersecurity Scorecard study found that less than one third of law firms have mandatory trainings in place.
That same study also found that only 48% (less than half!) of law firms had their data security practices audited in the past year. Without vulnerability scans or penetration testing, how do you truly know if your devices and systems are secure?
We have your solution. Our Managed IT Services For Your Law Firm ebook has specific advice on disaster planning, connectivity and cybersecurity measures for protecting your law office.
Download your ebook today to assess your security infrastructure and safeguard your firm.