April 05, 2018

What Puts a Law Firm at Risk for a Data Breach? 

Research shows that law firms are definitely under attack by information thieves.

In a 2017 LogicForce cyber security report, two-thirds of law firms had experienced a data breach, and every firm reported they’d been targeted by hackers.

While a data breach can harm a firm’s reputation and client relationships, there are significant financial risks too such as fines and lost revenue.

10 Reasons Why Cyber Criminals Target Law Firms

Access to Confidential Information

Law firms handle a lot of valuable confidential information. Data such as client depositions, discovery documents, plaintiff statements, and corporate information are valuable to thieves. Reduce this risk: Protect information from creation to disposal with a comprehensive document management policy.

Poor Security Planning

There’s a common belief that hacks and leaks only happen to big law firms... and that often means that firms are not taking enough precautions. The LogicForce study showed that only 41% of law firms have formally documented cyber security policies and incident response plans. Reduce this risk: Have an Information Security Policy, and use all the latest and best IT safeguards.

General Data Protection Regulation (GDPR)

Some law firms still have to make changes to their systems so that they are compliant with new GPPR regulations, which go into effect in May. Reduce this risk: Appoint someone to head up an action plan for GDPR.

Business Insiders

It’s not uncommon for attorneys to change firms or leave firms to start their own. But confidential information often leaves with them. Also, angry or dissatisfied employees at a firm may steal data as pay-back. Reduce this risk: Implement a culture of security, and teach employees how to spot an Insider Fraudster.  

Risky Work Habits

Many lawyers work outside of the office but don’t always adhere to secure practices (for example, using public Wi-Fi, a common target for hackers). Reduce this risk: Teach security best practices to everyone in the firm. Encrypt all mobile devices.

Phishing Scams

According to the 2017 Verizon Data Breach Investigations Report, 59% of all emails to law firms are phishing emails designed to trick the end user to log into a fraudulent system or download malicious malware. Reduce this risk: Teach all employees how to spot and avoid scams.

Third Party Access to Company Data

Nearly 63% of breaches are linked to third parties – and 80% of law firms are not vetting their third-party service provider’s data security practices, according to LogicForce. Reduce this risk: Vet third parties for their information security practices.

Employee Carelessness in the Office

Over half (54%) of small and medium-sized businesses in North America and the U.K. blamed careless employees for cyber security incidents, according to the 2017 State of SMB Cybersecurity report. Reduce this risk: Embed security procedures in the workplace. For example, partner with a document destruction company.

Financial Security

Law firms typically have the resources to pay a ransom – and may be targeted with ransomware more as a result. Reduce this risk: Create a breach response policy and back up hard drives every day.

Outdated Equipment

Technology dates quickly, and legacy equipment can increase a firm’s vulnerability to attack. Reduce this risk: Keep equipment updated, and securely destroy all hard drives that are no longer useful.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment. To learn more about how to protect your firm, visit: shredit.com/law