How hackers infiltrate firms

Nick Lennon

Ransomware and spear phishing are the latest in sophisticated cyberattacks targeted at law firms, writes Nick Lennon.

Law firms are the perfect target for hackers and arguably the most vulnerable. As keepers of individuals' and organisations' most sensitive, and often most valuable, data, law firms are a primary target for hackers. Why? The ransom figure for this type of information is extraordinary and a breach gives lawyers little option but to pay the ransom to regain control of their business. A security breach is one of the last things a lawyer wants to disclose to a client.

In 2015, one in four law firms fell victim to a security breach and one in three businesses were the target of a ransomware attack. How, you ask? Your email is a vault of shared information from clients and privileged parties, and email is the open door for many hackers. A successful attack on a firm’s email system puts the most sensitive details at hackers’ fingertips.

Attackers can compromise a firm’s email systems in a number of ways. One way is to disrupt business as usual and impede targeted law firms’ communications. A recent Galaxy Research survey of IT managers across a range of industries put the financial losses from email outages at anywhere from thousands of dollars to hundreds of thousands of dollars.

Yet the damage caused by disruption pales beside the damage that email can cause as a vehicle for more sophisticated and nefarious attacks. Viruses and other malware can disrupt law firms’ administration and billing systems, steal data and force technology administrators to spend valuable time and resources detecting and removing them. Unsurprisingly, the Galaxy Research survey found that nearly all IT managers across all industries were aware of the threats posed by viruses, malware and outages.

While legal firms and other businesses can recover from a ransomware attack by restoring systems and files from backups, firms may suffer from lost productivity and reputational damage. Law firm Cavill Leitch recently experienced an incursion from the Cryptolocker ransomware and had to restore from a clean incremental data backup from earlier in the day. 

Managing partner Julian Clarke was quoted as saying: “It is still a frightening prospect and we are speaking out . . . to encourage others who might be less well prepared to be aware of the risk.”

Spear phishing is another security threat that faces more than half of legal firms, and the legal profession is the top target for these kinds of attacks. It is a genuine threat: attackers send fake emails to targeted groups of people to trick them into revealing information or downloading malware. Global intellectual property consultancy Rouse & Co. was among firms targeted by an increased number of spear phishing emails.

Manager Matthew Blewett acknowledged the concern: “Our users began reporting even more potentially threatening emails to the IT department – they wanted to be sure that clicking on the supplied link wouldn’t be dangerous, either by downloading some malware or by asking for credit card or other personal log-in details.”

These trends are gaining strength at the same time as many law firms and businesses consider adopting cloud-based email services. Also, international cloud services remain important for legal and technical reasons. The Galaxy survey revealed about three-quarters of businesses considered it important that business and customer data be hosted within Australia, primarily for legal and compliance reasons. Nearly the same share rated application performance and latency as reasons for onshore hosting.

With client pressure and scrutiny on the rise, and increased demands for proof that sensitive data is protected, law firms need to act to defend against the inevitable breach. So what can law firms do? Using traditional security approaches to mitigate the threat of email-borne attacks is no easy task for law firms. Businesses need to combat both the social engineering and technical elements of these threats. On the social engineering side, this means helping educate partners, employees, contractors and customers not to click on links in emails that appear to be legitimate.

The technical element may be even harder to address as traditional anti-spam and anti-virus solutions may not recognise threats presented by links in the body of a fake email. While web proxies may pick up malicious links, they cannot protect all of the devices that employees and clients use to connect to the web. In addition, malicious emails are increasingly being crafted to be indistinguishable from messages sent by legitimate organisations.

The answer lies in multi-layered, cloud-based security systems hosted in Australian data centres that protect against traditional and advanced threats before they reach the network. By adopting a ‘zero trust’ approach that treats every email as possibly malicious and checks links ahead of users clicking on them, a business can thwart the intentions of criminals.

Nick Lennon is the country manager of cloud provider Mimecast Australia
