UK law firms continue to remain vulnerable to phishing attacks

Over 1.1m e-mail addresses of top UK law firms found dumped on Dark Web

In March 2016, research by AXELOS revealed that, despite processing a lot of sensitive data, law firms in the UK were highly vulnerable to cyber-attacks due to a lack of appropriate cyber resilience strategies.

“For the legal sector to have effective cyber resilience it needs a two-pronged plan of action in adopting best practice,” said AXELOS head of cyber resilience Nick Wilding.

“First, they [law firms] need to assess how they can harden their networks against their critical vulnerabilities, and secondly, they need to educate their people through ongoing, engaging and practical cyber awareness learning. This is the best way to ensure the sector is fully prepared to protect its clients’ most valuable information.”

Even though Matt Torrens, the author of the research paper and a legal IT veteran himself, sounded a warning to leading law firms in the country about their cyber vulnerabilities, it later turned out that no one was listening. In the 18 months that followed, law firms across the UK lost a combined £85 million to cyber-attacks, which shows such firms’ cyber defences and their priorities in a poor light.

In fact, towards the end of 2016, it came to light that as many as 73 of the UK’s top 100 law firms were targeted by cyber-attacks, compared to just 45 in 2013-14. 84% of the 73 firms later admitted that they had been victims of phishing attacks.

Peter Wright, the founder of DigitalLawUK, says that top law firms in the UK remain vulnerable to data breaches and potential infections due to a lack of encryption of their servers and emails. At the same time, such firms’ IT systems suffer from “haphazard development”, lack strategic security plans and have inherent problems.

As is the case everywhere else, law firms in the UK handle potentially sensitive and highly confidential information on behalf of their clients, including details of future mergers, market strategies, board communications and succession plans.

As such, any breach of their systems can land such confidential data in the hands of unintended, sometimes malicious, recipients. It is thus important for law firms to ensure their employees are cyber-aware at all times and do not fall victim to phishing and spoofing attacks arriving by email.

“You can see a big reputational threat to law firms on the wrong end of these data breach incidents. If you are a major law firm, the ability to ensure your clients’ data is kept confidential is absolutely key to your standing,” said Patrick Hill, a partner at DAC Beachcroft.

Copyright Lyonsdown Limited 2021
