Law firms, are particularly interesting targets for computer crime. They frequently have large amounts of sensitive data, some of it of distinct value, some of it useful to criminals for a variety of reasons.
It can be used to make fake ID’s or provide the opposition with intelligence they shouldn’t have, and that’s just the tip of the iceberg. Imagine if all the firm’s data, notes, communications, were all in the hands of the opposition or a criminal. Imagine if it all simply vanished. One recent virus did this by encrypting data files and demanding money. What would happen to the typical law firm if all their online case data became inaccessible? Perhaps permanently.
Firms frequently have banking data that can be used to pilfer funds from client accounts.
Client data they posses may have value outside the legal forum. For example, a blueprint might be of interest to a bank robber. Copyright materials might be of interest to client competitors. Contracts might be of value to the opposition or a third party. Criminal and social behavior notes are valued by unscrupulous news people, as we saw in the Rupert Murdoch scandal.
Then there’s access to client networks. If the firm doesn’t have direct access to the client network via VPN, they’ve got email, and once internal email is compromised, sending emails with malware into a client network is relatively easy.
But the bad guys don’t need to get control of a firm’s email, they can, with a simple forged email that looks like it came from the firm, get a client to click on a link that infects their computer. It’s telling that simply the name of the firm can be of value to an attacker. With just a name, they can reach out and cause trouble.
Worse, firms can be targeted. Because of public filing or news, it is quite easy, in most cases, to find out who someone is being represented by, and then use that information for nefarious purposes.
Which is why law firms need to be certain they are effectively managing risks. Understandably, most don’t have the level of security in house to do the job, but help is available. By contracting a professional service to assist with risk management activities, the firm can continue doing it’s business with the assurance that they are more secure and aware of all the potential problems.
Management can make rational judgments about how much to spend, on what, and to what ends. Without professional assistance, crucial details can be missed, and gaps can remain where none appear.
Digital Trust provides security and risk management services, and we’re intimately familiar with the environment. Give us a call, or email us, but make sure you’ve looked at your risk situation, no matter who you use for security services.