The most common cyber attacks targeting the legal industry

It doesn’t matter the size of your law firm; somebody is constantly testing your defenses.

The most significant danger to law firms is not targeted attacks, but the everyday attacks that everybody is experiencing. The difference is that a law firm’s cybersecurity breach can substantially impact the firm and its client. Medical histories, relationship details, financial records, trade secrets, and more are all stored with lawyers. 

Widespread generic attacks and sophisticated targeted attacks are both common within the legal industry. Both affect small firms and Big Law. But the traditional hierarchy in these large firms is the inverse of the threat that hits them. 

In this case, attackers don’t go after the top of the law firm pyramid (the named partners). Instead, non-lawyer professionals are a bigger target, sometimes because they have root-level access to many systems. A legal secretary will have access to her email and those of the lawyers she supports. A paralegal can access knowledge libraries, case files, and client documents. IT professionals will have administrative software privileges broader than the managing partner’s. 

Law firms need to consider cybersecurity from the bottom up in their staffing. Here is how it usually plays out:

Social engineering attacks

Some attackers are seeking something that gives them an edge in specific cases or industries. For example, many IP law firms are potential targets of sophisticated attacks because they hold vast amounts of information that can impact the market in particular sectors. 

Then, there is the sophisticated targeted attack on law firms that move large sums of money. Real estate lawyers often use their trust accounts for down payments and escrow, and there is a whole class of cyber criminals that look at interrupting those transfers using social engineering. 

Socially engineered attacks mean that the hacker is targeting your specific organization. They may have researched you, your employees, your vendors, and even your physical locations. 

Using this knowledge, they will begin to test defenses in ways that seem plausible. It might be a text message to a junior associate claiming to be you. There might be an email seemingly from a client changing their bank deposit details at the last minute. 

These attacks are seeking a failure in procedure. Will the receptionist “confirm” the firm’s credit card details to the fake bank? Will the junior associate reply to that text with pictures of a document?

These cyberattacks may come through non-lawyer employees. In Big Law’s high-stakes work environment, a rushed activity culture benefits social engineering hackers. Staff and associates expect hurried demands from partners. 

The best defense against socially engineered hackers is slowing down the culture. Employees need to feel comfortable asking questions when demands seem off. Law firms must set boundaries on how genuine requests will be transmitted. 

Phishing and ransomware 

Automated attacks are more common in the legal industry, but not less effective. Cyber attackers want any foothold in your system, and most come through a communication medium.

Interestingly, what we’re seeing in law firm cyberattacks is more relevant phishing and ransomware email that is generically plausible to a lawyer. Attackers send hundreds of thousands of emails through every compromised lawyer’s address book they find online. They disguise a malicious email to appear to be from a client, asking for sensitive information or requesting a wire transfer. 

As you sip your morning coffee, scrolling through your emails, you come across one with the subject line “Urgent Update – Confidential Information.” You open the email and find a message from an unknown sender claiming to have infected your computer with malware and demanding a ransom for the decryption key. Your heart races as your client files have become inaccessible. This is not just a nightmare; it is the reality of a cyberattack and a growing threat to legal firms. 

How should the legal industry prepare itself for these threats, and what is the role of legal technology? 

You can be a lawyer or an IT security consultant, but you can’t be both. These three steps save you time and your firm’s reputation. 

1. Transparency

The buck stops at the lawyer under the rules of professional conduct. Lawyers are responsible for oversight of non-lawyers, even those that provide third-party services. It is why they must seek transparency in their legaltech vendors. Cloud providers must be transparent about what security they offer and their shared role and responsibility to the subscriber.

2. Invest in the economies of scale

Big Law has the money to invest in security, but the solo, small, and boutique markets cannot have a comparable level of protection without completely disrupting their sustainability. But with the economies of scale, every lawyer that purchases a cloud service can invest a small portion of that monthly or annual fee into their security and get a magnified return through trained security professionals, cutting-edge technology, and robust support services. 

Look for third-party audits to help identify which legal technology vendors are staying ahead of the evolving cyber threats and maintaining your data security at physical, technical, and administrative levels. 

3. Recovery

There is no perfect cybersecurity. Your best protection is planning for good security and a good recovery. Data should be encrypted at rest and in transit to prevent unauthorized access. Extensive backups should be up-to-date and easily accessible. Recovery mechanisms that reach the financial aspects, like cybersecurity insurance, are also essential for law firms and their legal technology providers. Cloud vendors should provide appropriate insurance for the risk they share with customers and intervene on behalf of the subscriber and their clients to minimize damage and help them recover quickly. 

Lawyers need to get serious about policies when it comes to cybersecurity. But policies alone aren’t enough. There should be an evolution from policy to practice to automation of that practice. Legaltech and the legal industry should evolve together to meet these evolving threats.