The legal sector remains a hot target for the full spectrum of threat actors; cyber-criminals, hacktivists, state-sponsored groups. This is largely due to the wealth of sensitive data held within the industry. That includes; patent data, merger and acquisition information, protected witness information and negotiation information. The scope is vast and not limited to the above list. Legal firms are equivalent to a pot of gold for any of these groups.

The sensitive business and client data that law firms store, make them valuable targets for malicious actors.They are certainly not exempt from the growing trend of cyber threats to businesses, their employees and clients.

It used to be the case that law firms thought it was a simple question of putting simple procedures in place, but in fact that’s not sufficient anymore. On a technical level, they need to make sure clients take reasonable steps to ensure data is secure and this means that their infrastructure needs to be secure. Storing or sending highly sensitive client details via email, or using unencrypted USB drives is not compliant with GDPR anymore.

 

The UK Legal sector 

The threat to the UK’s legal sector is very real, and growing quickly, with 62% of law firms reporting they had suffered an incident last year – up from 45% the previous year.

The most common security incidents faced by firms were email phishing attacks to try to gain access to client money, which 84% of firms that had been victims of attacks had suffered.

In these attacks, the hacker poses as a third party when emailing or getting in contact with a firm and specifies that purchase money should be sent to a different account.

Fifty-five percent of firms targeted by cyber attacks had been victims of attacks with viruses or other malware, while 16% of those targeted had faced significant attempts to break into their firm’s network.

 

Implications of a data breach in the Legal sector

The implications for clients are far-reaching. It could affect a legal case and put a client at a disadvantage. It might mean that valuable IP owned by a company is seen by a competitor. A data breach at a law firm could also provide a backdoor into your clients’ systems – cybercriminals are targeting businesses that give them access to larger enterprises with more valuable data to steal. Legal firms certainly fit the bill.

There is a significant reputational threat to law firms on the wrong end of these data breach incidents. If you are a major law firm, the ability to ensure your clients’ data is kept confidential is absolutely key to your standing.

If you have any questions about Cyber Security in the Legal sector or just want to have a chat, drop us a line at hello@cybersmart.co.uk

Protecting your data and organisation is hard work — let us help you make it easier.