The vast majority of cyber crime has a financial motive. Criminals want to make a quick return, and so will target assets that they can disrupt, and operations that they can compromise. Law firms make good targets because of:
- The reliance on documents to generate revenue and provide client service. If the documents are encrypted by ransomware, the firm grinds to a halt. The latest versions of ransomware also target databases, so the firm’s practice management system is at risk too.
- The amount of email correspondence received – this provides a great opportunity for phishing attacks
- The number and value of funds transfers – especially if the firm is involved in conveyancing
We have seen a rise in attacks, especially attempted fraud, in the last two years. These attacks are sophisticated and can involve emails that appear to come genuinely from clients or other parties, and deposit slips that have been altered. Firms that have fallen victim to these attacks have sent significant sums of money to the bank accounts of criminals, and only some of them have managed to stop the transaction in time.
However, there are some easy steps firms can take to reduce their risk of becoming a victim:
- Having good policies in place – both for computer use and for funds transfers
- Having a culture that allows instructions to be queried
- Educating staff about the risks and how to minimise them
- Securing IT systems
- Ensuring that the firm has a plan to recover from an incident – whether due to a ransomware attack, a fraud attempt or a data breach
The best way to start improving the cyber security of your firm is by undertaking an Independent Security Review.