Look Out Law Firms. Cybercriminals Want Your Data.

Law firms typically keep lots of sensitive client data (PII or personally identifiable information) and confidential company information. It’s important to keep this data safe from cyber-attacks because if a law firm’s data is compromised and breached, it will ruin the law firm’s reputation and cost the law firm tens or hundreds of thousands of dollars. In some cases, it may cost millions!

Cyber-attacks are increasing at an alarming rate and law firms are like a gold mine for cybercriminals. The data that the cybercriminals find on the law firm’s systems can easily be sold on the dark web to other cybercriminals who are morally flexible enough to use the PII to commit fraud. Cybercrime is illegal, but these cybercriminals treat it as their full-time job. The pandemic changed the landscape of cybercrime. As unemployment increased, people started to find other ways of making money - some started legitimate businesses, others lived off the extra unemployment benefits until they could find another job, and some of the more morally flexible individuals picked up cybercrime as a new career path.

Many law firms have gone digital with their sensitive documents. It’s not inherently dangerous to keep PII in the cloud or hosted locally IF proper cybersecurity is in place. There are a few ways that cybercriminals can gain access to the PII, and those methods are evolving. Cybercriminals are getting better and more sophisticated with their cyber-attacks. The biggest threat to any business’s cybersecurity is its own employees.

“But why would my own employees want to hurt my business?”

It’s usually not the malicious intent of employees that leads to a breach, though it does happen sometimes. It’s usually due to an employee unknowingly clicking on something they shouldn’t or giving information to someone pretending to be a coworker or supervisor. Cybercriminals often study their victims so well that when they send an email to their coworkers, they know how to communicate just like them. On the receiving end of an email or text message, it really feels like you’re talking to whoever the cybercriminal is pretending to be.

Hollywood usually portrays the cybercriminal as someone in a dark room, wearing a hoodie and hammering away on a keyboard, typing all sorts of code in order to hack into systems. In real life, that’s usually not the case. A lot of the attacks start with automated software that crawls the internet for weak points, and once they’re found, the cybercriminal hops in the driver’s seat and starts their work. When they find an email account without MFA (multi-factor authentication), they’ll begin phishing for the password or looking for other ways of gaining access.

It’s important to stay up to date on current cybersecurity best practices and educate employees to be vigilant. The lack of a proper cyber-attack response plan makes law firms valuable and easy targets for cyber-attacks. Many law firms have implemented new cybersecurity obligations to protect clients’ PII and ultimately the firm’s integrity and reputation.

Different types of Cyber-Attacks:

  • Data breaches: Accessing and collecting the PII or other sensitive data, and selling it on the dark web.
  • Ransomware: Encrypting important files and demanding a fee, or ransom, in order to restore access.
  • Phishing: Sending a scam message in the hope of getting the recipient to send back confidential information or login credentials, or to enable wire fraud.
  • Website attacks: Infecting the computers of individuals who visit less secured websites.

Hackers usually get in and lie dormant for a while before striking. This allows them to engineer the perfect attack, conduct social engineering, and slowly gather bits and pieces of important information over time. By the time you realize you’ve been breached, damage has likely already been done.

The only way to stop cybercrime…

Actually, there is no way to stop it. All you can do is protect yourself with the latest cybersecurity and educate your staff. Even with the best cybersecurity in place, there is always a chance of being hit with a cyber-attack. Here are some things to consider:

  • Cyber insurance
  • Cloud backup
  • Encryption software
  • Reboot and backup policies
  • Strong firewalls
  • Risk assessment and internal controls
  • Robust cybersecurity compliance program
  • Crisis response plan for cyberattacks
  • Reliable antivirus software
  • Strong password combination
  • Strict controls over personnel access to sensitive information
  • Using only secured Wi-Fi

Cyber insurance is extremely important. Because there is always a chance of being hit, it’s good to have an insurance policy that will cover the financial burden of lost revenue, breach counseling, ransoms, and incident response. However, without proper cybersecurity, the cyber insurance claims will get denied. Cyber risk management has 2 parts - cybersecurity and cyber insurance. One without the other still leaves you vulnerable.

How are you managing your risk?

Schedule a cybersecurity risk assessment with our team. Go to www.breachresponse.wompcav.com to get your *FREE* cyber-attack response plan, customized for your business.
