
How MSPs Can Avoid Phishing Attacks
Trevagh Stankard
Phishing poses a considerable danger to MSPs and their clients. A simple click of a malicious link can damage an IT provider’s reputation forever.
Law firms are data-rich organizations that attract cybercriminals like bees around a honeypot. The recent cyber-attack on the law firm McCarter & English demonstrates this. The cyber-attack caused sensitive data exposure and meant the firm lost access to email backups and email inboxes, causing the firm to turn to an emergency temporary email platform. Cyber-attacks on law firms are highly disruptive and lead to loss of client trust, fines, and financial losses. As a result, law firms are a target for cybercriminals, and like all other industries, the sector can no longer treat cybersecurity as an afterthought. Here are the reasons why.
The American Bar Association (ABA) conducted a 2021 survey on technology use and cybersecurity in the sector. The survey found that 29% of law firms had experienced a cyber-attack. Cybercriminals focus on the sensitive and valuable data that law firms preside over. The mechanism of attack often begins with credential theft. Once credentials are stolen, often by spear-phishing, cybercriminals can access law firm IT systems. Once they breach these systems, they can install malicious software such as ransomware or exploit databases full of sensitive and confidential files.
Stevens & Lee: a breach notice from the firm points out that personal customer data was exposed during unauthorized access of firm files. The firm says the attack was “part of a sophisticated cyber-attack against our firm.”
New York City’s Law Department: this cyber-attack used stolen employee credentials to infiltrate the firm's network, with at least three databases accessed by attackers. The law department had to shut down its IT network to contain the attack. The result was delays in handling court cases and general mayhem.
Jones Day: a breach of the file transfer service Accellion was the cause of this supply chain attack on Jones Day law firm. The firm described the attack as ‘sophisticated’. Confidential documents, said to be from the Jones Day firm, were posted to a site associated with CLOP ransomware.
The ABA survey notes that of the 29% of law firms infected with a virus, spyware, or malware, 36% experienced downtime. In addition, 31% had to pay IT consultants to repair the damage, and 25% of respondents had to make a breach notification to the authorities and customers.
Law firms that suffer a cyber-attack are at risk of non-compliance fines too. For example, Tuckers Solicitors, a UK law firm, was infected by ransomware that encrypted over 972,000 files, including almost 25,000 related to court bundles. As well as the cyber-mayhem that ensued, the UK's Information Commissioner's Office fined Tuckers £98,000 ($120,000). The ICO commented that the fine was for "failure to implement appropriate technical and organizational measures."
Law firms must take appropriate measures to prevent cyber-attacks from exposing data, installing ransomware, and causing IT failure. Here are five suggested measures that any size law firm can put in place to ensure the safety of their IT systems and sensitive data:
Law firms can no longer treat cybersecurity as an afterthought. Fortunately, the largest through to the smallest law firm can prevent these cyber-attacks by employing cloud-based solutions or by using a managed service provider (MSP) specializing in the deployment and maintenance of cybersecurity measures. Add to this a layer of security awareness training, and a law firm can ensure that they are doing their utmost to prevent sensitive data from exposure and keep their law firm up and running.