,

Are Law Firms Victim to Cybercrime?

,

What has just happened?

As the nature of cybercrime has changed,  law firms have been a big target for cybercriminals due to the information that they acquire either from a client, a victim,  or a criminal, and their finances. The National Cybersecurity Center announced that 11 million pounds have been stolen due to cybercrime in 2017-2018. [1]

What does this mean?

Some of the Cyber threats to the legal sector include;

  • phishing, which is creating the urgency to disclose information or clicking links to provide information.

  • data breaches , which are the loss of client information through a hacking attempt following phishing.

  • Ransomware , which is a kind of malware that blocks the victim from accessing the data, computer network, and files until a ransom has been paid.

There has also been an increase in supply chain compromises which are not only prominent in the legal sector but also in other institutions leading to the corruption of third-party data storage or software providers. Top law firms in the UK remain an attractive target to this particular cybercrime due to the value of information.[2]

Cybercrime is predicted to cost the world 10.5 trillion dollars by the year 2025. This makes it more profitable than the crime of selling drugs illegally on a global scale. [3]

What does this mean for the legal sector?

During the pandemic,  there has been a 31% rise in Cybercrime. [4] For law firms, it is important to seek assistance through the consultation of cybersecurity experts. [5] Furthermore,  8 out of 10  of the 200 top UK law firms have been under at least 1 cyber-attack.

Even minimal exploitation of data can have an enormous negative impact on the trust and billing of clients. To improve cybersecurity,  it is not only important to use fraud detection to identify phishing or any concerning emails, but also to raise awareness with employees about Cybercrime while using modern applications and use business process re-engineering (BPR)  to optimize any law firms affected in cases of bankruptcy.

According to Mitigo Cybersecurity,  there is an element of human error in most cases such as clicking on suspicious links, backing up data, and ignoring virus/security alerts. It should be necessary for the staff of the law firm to be familiar with practicing a defensive culture to identify fraud and be familiar with why the backing up data into a local storing file or a personal account of a third party leads to a loss of control on their data footprint. [6] To mitigate risk,  it is vital to take these steps and also have the support of cybersecurity experts to create data security and endpoint protection measures. [7]

Cybersecurity is mostly thought of as an IT issue which is accurate,  but it is also a strategic risk management issue. It impacts sensitive client information which influences the entire legal practice.

The legal sector must recognise the risks associated with cybercrime and take comprehensive steps to address threats and restore systems.

In the last 5 years, there has been a 42% increase in cybersecurity-related reports which means that confidential information handled by lawyers and law firms regarding corporate or property law are mainly exploited for financial gain. Employees and law firms need to comprehend these different types of attacks and their repercussions. [8] The legal sector should advise employees and victims to seek help from websites that assist with cyber fraud such as Action Fraud, ICO, The NCSC, and the ROCU.

For smaller law firms, it is advisable to take policy actions like creating password policies, inventories for USB drives, signing up for threat alerts, and assess data before backup. Technical actions like using anti-virus software from a trusted website, switching on the firewall, restrictions to avoid 3rd party apps, and two-factor authentications can also be practiced.

CiSP is a new and free Cybersecurity Sharing Partnership for UK registered organizations or government that supports law firms and secures their digital environment by sharing cybersecurity threats based on the legal sector. [9]

Written by Harshitha Bandarupalli

Assessing firms:

#White&Case #Dentons #DLAPiper #DWF #AkinGump #MayerBrown

References:

[1]Ortus Group, “Cyber Criminals vs UK Law Firms – the Battle Continues – ORTUS GROUP” (Ortus Group) <https://www.ortusgroup.com/news/cyber-criminals-vs-uk-law-firms-the-battle-continues/> accessed April 4, 2021.

[2] National Cybersecurity Center, “The Cyberthreat to the UK Legal Sector” (Ncsc.gov.uk2018) <https://www.ncsc.gov.uk/files/the_cyber_threat_to_uk_legal_sector_NCSC_2.pdf> accessed April 4, 2021.

[3] Milad Shojaei, “The Rising Risk of Cybercrime for Law Firms” (Legal FuturesMarch 2, 2021) <https://www.legalfutures.co.uk/blog/the-rising-risk-of-cybercrime-for-law-firms> accessed April 4, 2021.

[4] Ortus Group, “Cyber Criminals vs UK Law Firms – the Battle Continues – ORTUS GROUP” (Ortus Group) <https://www.ortusgroup.com/news/cyber-criminals-vs-uk-law-firms-the-battle-continues/> accessed April 4, 2021.

[5] National Cybersecurity Center, “The Cyberthreat to the UK Legal Sector” (Ncsc.gov.uk2018) <https://www.ncsc.gov.uk/files/the_cyber_threat_to_uk_legal_sector_NCSC_2.pdf> accessed April 4, 2021.

[6] Strategic Partners Mitigo, “Six Cyber Security Resolutions for Your Firm” (Law Society of Scotland) <https://www.lawscot.org.uk/members/business-support/technology/cybersecurity-guide/hot-topics/six-cyber-security-resolutions-for-your-firm/>.

[7] Security Magazine, “UK Sees a 31% Increase in Cyber Crime amid the Pandemic” (www.securitymagazine.comOctober 23, 2020) <https://www.securitymagazine.com/articles/93722-uk-sees-a-31-increase-in-cyber-crime-amid-the-pandemic>.

[8] Strategic Partners Mitigo, “Six Cyber Security Resolutions for Your Firm” (Law Society of Scotland) <https://www.lawscot.org.uk/members/business-support/technology/cybersecurity-guide/hot-topics/six-cyber-security-resolutions-for-your-firm/>.

[9] National Cybersecurity Center, “The Cyberthreat to the UK Legal Sector” (Ncsc.gov.uk2018) <https://www.ncsc.gov.uk/files/the_cyber_threat_to_uk_legal_sector_NCSC_2.pdf> accessed April 4, 2021.

Disclaimer: This article (and any information accessed through links in this article) is provided for information purposes only and does not constitute legal advice.