Hardly a week goes by without a breaking story on the release of the personal information of large number of people due to a cyber or data breach at a major corporation or online service. And it doesn’t stop there. Countless smaller business entities and individuals have experienced data breaches or ransomware infections or the loss of money after being duped by an online scam.
Law firms are not immune and all too often experience breaches and malware infections, although they generally don’t make the news (law firms do their best to stay out of the news). And take notice: cyber criminals are specifically targeting you and your firm because they want your data or the money in your trust account.
Law firms are appealing and sought-after targets for cyber criminals for three reasons. First, law firms have large amounts of sensitive and confidential information that can be valuable. Second, law firms tend to have large sums of money in their bank accounts. Last and not the least, relative to their clients and based on anecdotal information, law firms tend to have weaker security protection on their networks and systems.
Cybercrime has hit very close to home. In 2011, several major Bay Street firms were targeted by hackers traced to China who appeared to be seeking information on a multi-billion-dollar commercial transaction. In late 2012, LAWPRO handled a claim involving a significant theft from a firm trust account by a Trojan banker virus. On a daily basis firms send us the emails they receive that are attempts a bad-cheque frauds.
Information on cybercrime tools and techniques is widely available online, making it easy for even non-technical people to undertake malicious cyber activities. But make no mistake, while amateurs may launch attacks on law firms, industrial espionage on high value targets can involve the most skilled hackers in the world including, potentially, foreign governments
Cyber criminals will use every tool at their disposal to attack law firms. They will send spam and phishing messages. They will try to install malware and create back doors into your firm’s computers. They will look for weaknesses in security configurations or weak passwords and exploit them to access firm networks. In very devious ways, they will try to trick you or your staff into helping them. It is quite possible they will target you individually, including attacking your home computer to hack into your office systems.
The bottom line: cybercrime is a real and present danger for law firms. All firms should work to understand the cybercrime exposure to and take steps to reduce the likelihood they will experience a data breach at the hands of cyber criminals. The Cybercrime and law firms issue of LAWPRO Magazine contains several articles to help you take these steps. They include:
- Cybercrime and Bad Cheque Scams: Fraud Fact Sheet
- Cybercrime and law firms: The risks and dangers are real
- Protecting yourself from cybercrime dangers: The steps you need to take
- LAWPRO’s $250,000 cybercrime coverage and what it covers
- Other cyber risk insurance options: Do you have the coverage you need?
- Keeping your passwords strong and secure
See our Technology page for further articles and resources to help you make greater use of technology at your firm and in your practice.