Password Sharing Policies
Selina Coen
Uncover the dangers of workplace password sharing and outdated practices. Learn about secure alternatives like shared mailboxes and permissions and explore modern security practices in this must-read blog.
Law firms are data-rich organizations that attract cybercriminals like bees around a honeypot. The recent cyber-attack on the law firm McCarter & English demonstrates this. The attack exposed sensitive data and left the firm without access to email backups and email inboxes, forcing it to turn to an emergency temporary email platform. Cyber-attacks on law firms are highly disruptive and lead to loss of client trust, fines, and financial losses. As a result, law firms are a target for cybercriminals, and like all other industries, the sector can no longer treat cybersecurity as an afterthought. Here are the reasons why.
The American Bar Association (ABA) conducted a 2021 survey on technology use and cybersecurity in the sector. The survey found that 29% of law firms had experienced a cyber-attack. Cybercriminals focus on the sensitive and valuable data that law firms hold. An attack often begins with credential theft. Once credentials are stolen, often by spear-phishing, cybercriminals can access law firm IT systems. Once inside these systems, they can install malicious software such as ransomware or exploit databases full of sensitive and confidential files.
Stevens & Lee: a breach notice from the firm points out that personal customer data was exposed during unauthorized access of firm files. The firm says the attack was “part of a sophisticated cyber-attack against our firm.”
New York City’s Law Department: this cyber-attack used stolen employee credentials to infiltrate the firm's network, with at least three databases accessed by attackers. The law department had to shut down its IT network to contain the attack. The result was delays in handling court cases and general mayhem.
Jones Day: a breach of the file transfer service Accellion was the cause of this supply chain attack on Jones Day law firm. The firm described the attack as ‘sophisticated’. Confidential documents, said to be from the Jones Day firm, were posted to a site associated with CLOP ransomware.
The ABA survey notes that of the 29% of law firms infected with a virus, spyware, or malware, 36% experienced downtime. In addition, 31% had to pay IT consultants to repair the damage, and 25% of respondents had to make a breach notification to the authorities and customers.
Law firms that suffer a cyber-attack are at risk of non-compliance fines too. For example, Tuckers Solicitors, a UK law firm, was infected by ransomware that encrypted over 972,000 files, including almost 25,000 related to court bundles. As well as the cyber-mayhem that ensued, the UK's Information Commissioner's Office fined Tuckers £98,000 ($120,000). The ICO commented that the fine was for "failure to implement appropriate technical and organizational measures."
Law firms must take appropriate measures to prevent cyber-attacks from exposing data, installing ransomware, and causing IT failure. Here are five suggested measures that any size law firm can put in place to ensure the safety of their IT systems and sensitive data:
Law firms can no longer treat cybersecurity as an afterthought. Fortunately, firms of every size, from the largest to the smallest, can prevent these cyber-attacks by employing cloud-based solutions or by using a managed service provider (MSP) specializing in the deployment and maintenance of cybersecurity measures. Add to this a layer of security awareness training, and a law firm can ensure that it is doing its utmost to prevent sensitive data from exposure and keep the firm up and running.