Law Firms And The Three Biggest Cyber Threats
More than 55% of British law firms suffered at least one cyber attack in the past 12 months, according to the ‘Hiscox Cyber Readiness’ Report.
Add into the mix asset conversion fraud, which saw a 10% increase, rising from 547 incidents in 2017 to 602 incidents in 2018 (Cifas ‘Fraudscape’ 2019 report). It’s safe to say the fraud problem just won’t be swept under the carpet.
The Three Cyber Threats
Criminals hacking into a firm’s email server to intercept and send false emails to clients is one of the biggest threats to a firm. A fraudster can access the firm’s account and impersonate a client or another firm, all with the motive of obtaining money.
However, the issue of email hijacking doesn’t just stop at stolen money. Under the General Data Protection Regulation (GDPR), any incidents of email hijacking must be reported, as criminals will have received confidential and identifiable information.
Phishing emails are sent to deceive employees into revealing confidential information. These attacks are becoming more and more common, with around 80% of law firms reporting at least one attack in the past 12 months. This type of fraud doesn’t just focus on small businesses. Linklaters, a global law firm and magic circle firm, has fallen foul of phishing numerous times in 2019.
Harmful software, called malware, encrypts files and steals data. The file-encrypting kind, more commonly known as ransomware, ‘kidnaps’ your files in return for a ransom payment. This type of cyber crime made up 16% of the reports in 2018.
What can be done to protect your business and your clients
Having a positive cyber culture in your workplace that cascades from the top down is a great way to start.
Achieving accreditations such as Cyber Essentials, which is recommended by Government experts, is one of the ways you can prevent cyber criminals from accessing your firm’s technology.
Securing your email using OnDMARC will help to prevent criminals from cloning your domain, which in turn helps to stop other firms and your clients from falling foul of email fraud.
Not everything can be done with technology though. Staff training on due diligence, and encouraging employees to raise concerns when they see something suspicious, will help to cement the positive cyber security culture.