Throughout the past couple of years, law firm security has repeatedly become a headline of news outlets, as cases of hack attacks continue to rise. Cybercriminals have found law firm data to be a priority target, as confidential client data is not only usually stored in cloud servers, but also rarely secured properly. Examples of current law firm attacks include:
- M&A data phished from big law firms: Earlier this year, three Chinese natives were arrested for hacking two US law firms and selling their M&A data to make trades in the stock market. Through the sale of each law firm’s confidential information, the three cybercriminals allegedly made $4 million.
- Ransomware attacks on corporate law offices: Ransomware has become one of the top security concerns for organizations throughout the world. Last year alone, researchers at Kaspersky found that every 40 seconds, a company was hit with malware—and law firms were not immune to these statistics. In fact, law firms throughout the country have been finding unusual files (e.g. labeled “HELP _ DECRYPT”) on lawyers’ computers. By clicking on the file, the lawyers are instructed to pay a pricey ransom in order to get the decryption key. In most cases, the encrypted files are deleted whether or not the ransom is paid.
- WordPress vulnerability attacks: Today, a large share of websites are created and managed through WordPress. With the recent discovery of a vulnerability within the website host’s content management system, WordPress-using law firms throughout the country have been breached. In fact, more than a million websites were hacked since the vulnerability’s discovery, including those that practice IP law.
From ransomware to website hacks, the majority of these hack attacks have stemmed from insufficient security strategies for both the employees and the firm’s technology. More specifically, according to the latest ALM CyberSecure Research, 47 percent of law firms (from nationwide firms to individual offices) report that their companies either do not have a cyber security program or do not routinely test their cyber security programs. Without the proper security measures, however, it could only be a matter of time until the company is breached—and you won’t have any control over which information is stolen! Hackers not only weed through law materials to find the clients’ financial information, but also search for case materials that could expose or sway the overall verdict. No matter what information is stolen, the result could be devastating.
Don’t wait and become a victim of these hack attacks. Sign up for our security awareness training for your entire staff to prevent your employees from becoming victims of these kinds of scams.