Law firms and lawyers face risks from doing business online every day. Email communications, digital files, privileged client and business records and sensitive financial transaction information are all attractive to hackers. To stay safe online, it’s important to know the risks, minimize exposure and protect against potential impacts. Here are the top four cyber risks faced by law firms in 2020.
1. Crypto-Jacking Malware
Crypto-jacking malware is a type of malware that can slow down your firm’s computers, infect your website and even lead to data loss or a security breach. In general, malware is any type of software code that runs on your computer without your knowledge or permission. Some varieties, like viruses and ransomware, make their presence known, while others, such as spyware and crypto-jacking, run quietly in the background.
- Any type of malware represents a risk to your data, security and business, but crypto-jacking is one of the top emerging threats.
- Crypto-jacking uses web browsers or downloads to hijack the CPU power of a victim’s computer for crypto-mining.
- Legitimate crypto-mining, related to digital currencies such as Bitcoin, uses vast networks of computers to validate and secure cryptocurrency transactions.
- Miners earn small amounts of crypto for their trouble, attracting bad actors.
- When crypto-jackers take control of your computer, the malware can infect your terminal, server or website.
- It can cripple and slow down your computers so you can’t use them, leading to a crash and even data loss.
- This can also lead to business interruption, data loss or breach and reputational damage for your firm.
2. Business Email Compromise Scams
Business email compromise (BEC) scams represent one of the greatest cyber risks for law firms. As the name implies, BEC scams involve the compromise of your firm’s email security. Cyber criminals may gain access to a real email account or create a false account to spoof a genuine contact. All firms are at risk of BEC scams, but for firms handling financial fund transfers for clients, the risk is particularly high. Scams typically involve one or more of the following:
- Compromised personal email accounts
- Compromised vendor email accounts
- Spoofed lawyer email accounts that contact your clients
- Fraudulent requests for W-2 information
- Diversion of payroll funds
Often, the scammer directs a lawyer completing a planned transfer of funds to send the funds to the scammer’s account. Funds are further transferred outside the country, where recovery becomes difficult. A recent FBI report counted more than 23,000 BEC scam incidents last year, resulting in $1.7 billion in losses for businesses. The risk of BEC scams to law firms is increasing as more sophisticated methods of deception evolve.
3. Data Breach
Sensitive data kept on file at your firm, such as case materials, financial data and other private legal communications, is attractive to cyber criminals. A data breach could jeopardize cases and client matters, damage your reputation and lead to litigation and regulatory actions. Here is what to know:
- Data breaches happen when information is accessed without authorization.
- Vulnerabilities that can lead to a breach include system exploits, weak passwords, out-of-date software, browser and email downloads and malware attacks.
- Consequences of a breach may be felt immediately or continue to pile up as a data breach incident unfolds.
- Effects of a data breach are wide ranging and take time to sort out and repair.
- Due to fewer security and technology resources, small- and medium-sized businesses are at higher risk of a data breach.
- Costs of a data breach are rising, reaching an average of $3.92 million per incident in 2019 according to IBM.
- Financial impacts of a breach are felt more strongly in the United States, where the average cost of a breach tops $8 million.
4. Maze Ransomware
Newer threats are often more dangerous to your law firm due to limited awareness, understanding and defense. This is the case with recent ransomware attacks by the hacker group Maze. A typical ransomware attack involves breaching your firm’s secure systems and injecting malware that encrypts your data, making it unreadable and inaccessible. The hackers then offer to decrypt your files if you pay a ransom.
However, with Maze ransomware, an additional copy of the victim’s data is stolen and partially or fully published, and the attackers publicize the hacked company’s identity. Nearly 30 businesses and organizations have been targeted by Maze in just the last few months, including several law firms:
- An 11-lawyer firm in Texas had fee agreements and diaries for personal injury cases stolen and published in January.
- A two-partner firm in Oregon was targeted in January.
- Three small South Dakota firms, ranging in size from 13 to 27 lawyers, were targeted in January.
- A large US firm of over 900 lawyers was forced to take some systems offline as a precaution after a suspected intrusion in February.
- Two Canadian firms lost access to their email, accounting software, Word documents and all backups in April.
Defending Against Cyber Risks
Defending your law firm against the top emerging cyber risks must take precedence. ABA Model Rule 1.15 requires attorneys to safeguard their clients’ property entrusted to counsel, including property stored digitally.
Along with awareness and understanding of the top cyber threats, it’s important to take measures to reduce the likelihood of a cyber incident:
- Work with a cyber security professional to ensure your computer systems are up to date and secure.
- Install and properly configure antivirus and firewall tools to prevent data breach incidents.
- Utilize secure passwords that are unique and difficult to guess.
- Be aware of social engineering techniques, such as unauthorized password reset requests, impersonated credentials and phishing scams.
In the event your firm does experience a breach, it’s imperative to make sure you have the right cyber liability insurance coverage. Choose broad, comprehensive coverage that includes privacy breach notification expenses, litigation, loss of income, regulatory fines, penalties and other related expenses.
Contact your Lockton Affinity insurance representative to learn more about cyber risks and coverage options at (844) 863-5948.