Identifying Law Firm Website Vulnerabilities

October 20, 2016 in Cyber Attacks

“Law firms are tremendous concentrations of really critical, private information. Infiltrating those computer systems is a really optimal way to obtain economic and personal information,” said Bradford Bleier, unit chief of the FBI cyber division, in a statement on the state of security for law firms.

Every day, law firms manage sensitive information for their clients, including mergers and acquisitions, investments, business strategies and other intellectual property. This has made them a prime target for phishing and cyberattacks. In fact, Cisco’s 2015 Annual Security Report named law firms as the seventh highest target for cybercriminals. October is Cybersecurity Awareness Month, which is why now, more than ever, it is necessary to identify and resolve vulnerabilities within your firm.

Accessing Files on Unsecured Mobile Devices

A recent article shows 91 percent of attorneys currently use their mobile devices to access documents in their practice. Using unsecured and unencrypted devices leads to many potential hazards, the most important being that the firm is unable to manage what information is accessed and by whom. Implementing procedures that require firm data to be reviewed only on approved devices can reduce the risk of cybercriminals stealing information. Additionally, requiring employees to use a virtual private network (VPN) when offsite reduces risk by creating a secure data connection.

Opening Phishing Emails

Phishing emails are one of the subtlest and most intelligent cyberattacks used today. Proskauer Rose, the 53rd largest firm in the U.S., suffered a sophisticated phishing attack on March 31, 2016. An email, masquerading as a request from a company executive, resulted in the release of employee W-2s to hackers. The attack was only discovered after employees reported that fraudulent tax returns had been filed in their names. Similar scams are used to steal confidential information from law firms all over the U.S. However, providing comprehensive safety training for your employees can help them learn to recognize and thwart attacks.

Foregoing Software Updates

The technology that powers today’s law firms must be updated regularly. Mossack Fonseca, the law firm behind the infamous Panama Papers breach, is a prime example. Mossack Fonseca neglected to update at least three of its systems, including its confidential client portal, email program and main website software. At the time of the breach, it was discovered that some systems had not been updated in over six years! Unfortunately, these vulnerabilities were easily found and exploited by hackers. A record 4.8 million emails, 3 million database files, 2.1 million PDFs, 1.1 million images, 320,166 text files and 2,242 other files were released to the public, resulting in many frustrated clients and a tarnished law firm reputation. Encouraging your employees and IT team to complete regular updates will prevent a similar breach for your firm.

Implement Changes

The key to protecting your law firm is working with your entire team to close any security gaps. Provide employees with vulnerability assessment and endpoint software, security training and company technology guidelines to better prepare for cyberattacks. Invest in building endpoint and website security to provide an extra layer of protection for your firm. Ensure your reputation and your client data are safe by addressing these vulnerabilities today.

Learn more about SiteLock products and pricing for comprehensive website security.
