Top cyber-risks within the legal sector (and how to protect yourself against them)

Category: News
Published: 1st November 2022

< Back to Media
Man on the phone using a laptop and phone in a business setting

Growing digitalisation has continued to revolutionise the way we work, introducing various industries to new technologies and automations, speeding up processes and enabling working models that were previously impossible. But it has also brought about heightened levels of risk, with more data being shared and more endpoints devices (i.e., tablets, mobiles, laptops, etc) widening the attack surface.

The legal industry is particularly at risk as, owing to the sensitive and valuable data it holds, law firms are extremely appealing to threat actors – with leading firms such as Tucker’s Solicitors and Gateley becoming recent victims. Even regulatory bodies, including the Bar Council and the Bar Regulatory Board, have not escaped attack.

As the UK government looks to implement new cybersecurity laws and increased fines for data breaches, and cyber-insurance requirements are becoming ever tighter, we decided to look at the top three cyber-risks faced by the legal sector and the best ways to protect yourselves against them.

1, Social engineering attacks

The human firewall can be the strongest part of your cyber-defence, but it can also be your weakest, depending on the level of training provided to your staff. It is also, unfortunately, the part of the legal sector that is most often targeted – with 83% of cybercrimes reported to the SRA involving email – making social engineering attacks the biggest risk currently faced by law firms. These encompass any attacks involving human interaction, such as luring an employee into giving away sensitive data or allowing the criminal access to their network. As social engineering becomes ever more advanced and engenders new technologies to deceive its targets, these attacks have become increasingly harder to detect.

Additionally, a company’s email configuration and authentication status can be easily found by hackers and used to spoof your email domain and send fraudulent phishing emails supposedly from you. Your responsibility to combat phishing attempts now extends beyond your own company to that of your clients and supply chains.

It is therefore vital that the tools used to manage and authenticate email domains, such as Domain Message Authentication Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM), are correctly configured and monitored, to reduce the risk of spoofing and the financial and reputational consequences it can bring.

How to protect yourself:

The best way to improve your human firewall, is to invest in Security Awareness Training and Testing for your staff. As nearly all social engineering attacks rely on human error to be successful, they can be avoided by providing additional cyber-hygiene guidelines to those in your practice. There are also tools you can use that provide a higher level of email security, which can safely detonate suspicious attachments in a virtual environment and provide additional protection against malware.

To further protect your firm from phishing emails, it is imperative to check your DMARC, SPF and DKIM controls are correctly configured. In doing so, you can greatly reduce the chance of your company being spoofed and the possibility of your staff, clients and supply chains being phished.

2, The continuation of hybrid working

When the pandemic hit, working practices in the legal sector changed forever. Despite being forced to work remotely, the by-product has created a more desirable model. However, this has not come without risk, forcing firms to be more reliant on IT and digital sharing of data, which is why it features as our second biggest risk in the sector. Recent reports show an increase in ransomware attacks, phishing and email modification fraud – as well as increased access to firms via third parties and providers.

How to protect yourself:

As hybrid working is here to stay, and we continue to share data, more robust security is needed to protect the integrity of endpoint devices (e.g., tablets, phones, laptops, etc). It is advisable to use an endpoint security solution that can detect threats in real-time and prevent them from infiltrating other parts of your network.

With many home workers relying on the use of Virtual Private Networks (VPNs) to access company data while remote, this can pose an additional risk and complexity to company security as the technology typically establishes connections before authenticating them. To remove unnecessary risk, we recommend implementing Zero Trust Network Access (ZTNA), which verifies all access requests based on a strict, pre-defined policy. This ensures secure and contextual access is granted only to sanctioned data for the required period of time, rendering everything else invisible. This privilege can also be extended to third parties who might need access to the network to further eliminate risk.

3, An unprepared cyber-response

The third and final threat on our list isn’t technically a threat in its own right. However, with the government urging solicitors to help stem the rising tide of ransomware payments, it is vital to ensure you have the right preparations and response in place should you unfortunately fall victim to a cyberattack. Two out of three CISOs have admitted feeling unprepared to cope with an attack, and a massive 75% of businesses were revealed to have paid the ransom demanded in 2021 – suggesting there is some room for improvement in this area.

How to protect yourself:

Make a plan that can be quickly rolled out in the event of a cyber-incident. Create easily accessible backup files and a detailed response guide that can be followed, including what to shutdown to prevent further spread and any contact that needs to be made with external parties.

Developing a relationship with a remediation or managed services partner prior to an event can save you valuable time in your response. Many of these attacks require specialist knowledge and capabilities to resolve and being able to access this expertise as soon as it is needed is key to being prepared. By establishing a remediation partner, you can provide additional support to your in-house team, through direct and immediate contact with cybersecurity leaders.

The bottom line

While the adoption of new technologies and increased digitalisation is something that should be celebrated, the additional risks that it brings shouldn’t be ignored. By implementing higher levels of endpoint protection via Endpoint Detection and Response (EDR) and more secure access to your network, alongside additional training for your team, your firm can strengthen its cybersecurity posture to align with a digital future.

If you would like to future-proof your firm’s cybersecurity defences, feel free to get in touch here for more information and support.