Hackers are becoming ever more creative, both in their techniques and in their choice of victims, with law firms now in the firing line. Their target is most often confidential client information, which can be highly valuable to hackers, while its loss can be hugely damaging both to clients and to the law firms that lose the data.
Every legal firm needs to take appropriate action to keep itself and its clients safe from cyber criminals. This article explains the growing link between law firms and cyber crime: why hackers are choosing to target law firms, what methods they are using, the consequences of being a hacking victim and what you can do to stay safe online.
Why hackers want law firms’ client information
There are various reasons why hackers want to access client information from law firms. At the most basic level, it gives them access to potentially hundreds or thousands of client email addresses and information about clients which can be used to target those clients with scams.
In a recent case dealing with the hacking of two major New York law firms, it has been alleged that the perpetrators deliberately targeted firms to find out about major business deals involving their clients. They then used the information they obtained to invest in companies planning mergers where it was likely their stock would jump in value once the mergers were announced publicly.
Law firms also hold all sorts of sensitive information about clients that could potentially be used for blackmail purposes and a whole range of other types of crimes. If the criminals can get access to a legal company’s email, they may also be able to send out emails which appear to be from employees of their law firm to the firm’s clients, offering the perfect opportunity for phishing. This can then give the hackers direct access to the targeted clients’ systems as well.
Common methods used by hackers to target businesses
There are various common tricks hackers use to gain access to company data which range from the sophisticated to the worryingly simple.
Cyber stalking – One of the most basic methods used by cyber criminals, this involves first identifying employees of a company (often by looking at staff profiles on the company website or finding the company and its staff on LinkedIn).
The criminals then track down all of the employees’ social media profiles and any other presence they have online looking for the answers to common security questions, such as their mother’s maiden name. They can then use this information to gain access to employees’ company accounts using password reset functions or by contacting an administrator and posing as an employee.
Social engineering – This can involve any number of techniques designed to get employees to simply hand over personal details, account logins and so on. One common technique is calling the employee and posing as an administrator or IT specialist who needs the employee to “confirm” their details to resolve an issue. The employee then innocently gives their username and password to the hacker, unwittingly surrendering access to their account.
Phishing – A type of social engineering that happens by email. This typically relies on the hacker spoofing a legitimate email address so employees receive an email that appears to come from, for example, the IT department, asking them to click a link to reset their account password.
If the employee falls for this and types their current password into the linked page, they have handed it directly to the hacker. This was the method famously used in the hacking of a top-ranking Democrat during Hillary Clinton’s 2016 presidential campaign.
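The traits described above (a spoofed internal sender and a link to a password page) are things a mail gateway or triage script can check for. The following is an added example, not part of the original article; the domain examplelaw.test, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FIRM_DOMAIN = "examplelaw.test"  # assumption: the firm's own mail/web domain

# Constructed sample: claims to be the firm's IT department, fails DMARC,
# and links to a password-reset page on an unrelated host.
SAMPLE = """\
From: IT Department <it-support@examplelaw.test>
Reply-To: helpdesk@mail-reset.example
To: associate@examplelaw.test
Subject: Action required: reset your account password
Authentication-Results: mx.examplelaw.test; spf=fail smtp.mailfrom=bulk.example; dkim=none; dmarc=fail header.from=examplelaw.test
Content-Type: text/plain

Your mailbox password expires today. Reset it here:
https://examplelaw-test.login-reset.example/reset?user=associate
"""

def domain_of(addr):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def in_firm(host):
    return host == FIRM_DOMAIN or host.endswith("." + FIRM_DOMAIN)

def phishing_indicators(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    auth = msg.get("Authentication-Results", "").lower()
    # Mail claiming an internal sender should carry a DMARC pass from our gateway.
    if in_firm(from_dom) and "dmarc=pass" not in auth:
        findings.append("internal From address without a DMARC pass")
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain differs from From domain")
    # Collect text parts (works for single-part and multipart messages).
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    external = sorted(h for h in hosts if not in_firm(h))
    if external and re.search(r"password|reset|log ?in", body, re.I):
        findings.append("credential prompt links to external host: " + ", ".join(external))
    return findings
```

The Authentication-Results header is only trustworthy when it was added by your own receiving mail server, so a real deployment should ignore copies of that header supplied by the sender.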
How to protect your law firm from cyber crime
It is absolutely essential to make sure your business, its employees and your clients have the best possible protection from cyber criminals. Any cyber attack on your firm is likely not only to cost you and your clients money, but also to damage your reputation and cause clients to lose confidence in your firm.
The solution is to make sure you have the very best IT security possible, to help catch threats before they become a problem. This will involve having the right IT professionals in place and taking basic cyber security measures, such as keeping firewalls and antivirus software updated at all times. You also need to make sure your employees are trained to avoid becoming victims of phishing and other scams.
It is recommended to have company guidelines on avoiding becoming a hacking victim. This includes telling employees not to share answers to their secret questions for account unlocking on social media and not to share account information with anyone without confirming by phone or in person that this is a legitimate request.
Get IT support from the experts on working with law firms and cyber crime
When looking for outsourced IT support for your law firm, it is important to use a company that understands the unique technology requirements of the legal sector as well as having a handle on all the latest online threats. That way you can get exactly the kind of support you need while having the confidence that you and your clients are fully protected.
City Business Solutions specialise in IT security and more general IT support for the legal industry. We understand both law firms and cyber crime, giving us the perfect perspective from which to offer you the best possible service.
To find out more about how City Business Solutions can help keep your law firm safe and secure from cybersecurity threats, please get in touch.