
Law Firms: The perfect storm for cybercriminals.

The rise of cybercrime

In 2015, statistics showed there had been over 5.1 million cases of online fraud and over 2.5 million cases of 'cybercrime' reported to the Police (via 'Action Fraud'), meaning you are more likely to be a victim of cyber-related crime than physical crime (burglary or assault).

Many law firms rely heavily on Cloud computing, which has reduced the technical risks of security vastly. But law firms also rely heavily on people, and people are inherently more insecure. Cybercriminals know this and are targeting law firms for this very reason. Law firms are the perfect storm for cybercrime.

The perfect storm

The legal profession is an industry built on integrity, trust and reputation, and it deals with every level of society in every aspect of personal and professional life. Law firms pride themselves on their heritage and their diverse range of services, which stretch quite literally from 'cradle-to-grave'.

It is precisely because of the diversity of the people and companies that law firms deal with, the age of the business, and the value they place on their reputation that criminals are targeting them.

Just one example of fraud

'Conveyancing Fraud' is a great example of the more common 'CEO Email Fraud' being aimed at law firms.

Conveyancing Fraud is carried out by a cybercriminal who steals your company's identity, creating fake company email addresses and perhaps even a fake website, and then targets your clients, requesting that monies be transferred to fake accounts held by the cybercriminals.

In 2015 a couple in London had over £340,000 stolen when cybercriminals 'spoofed' the accounts of both the couple and their solicitor. Posing as the client and then the solicitor, they tricked the solicitor into transferring £340,000 to a fraudulent account.

Guilty or not guilty?

In the above example, who is guilty? Who had been 'hacked'? The couple? The Law Firm? Who needs the protection?

Conveyancing Fraud is just one reason Law Firms are a perfect target; the others range from the amount of information held (and the value it has) to the age of some of the IT systems we use. Indeed, antiquated thinking and antiquated systems mean rich pickings for savvy cybercriminals.

What can we do?

Firstly, start thinking of this as a Business issue, not an IT problem. Yes, there are technical measures you should take. But putting in some human intervention will reduce your risks vastly. Cybercriminals are 'banking' on you having automated systems and processes, and on a public that is time-poor, cash-rich and completely trusting of the legal profession.

So here are 3 things you can do today to reduce the risk of becoming a victim of cybercrime:

  1. Train your staff: Don't click on untrusted links, or open attachments from untrusted sources. Train them to be cautious.
  2. Think about what we send: We need to be aware of the confidential content in emails and consider carefully what we send via email.
  3. Speak to your IT People: Those running the legal practice need to speak to their IT team about security and ensure Anti-Virus and Malware protection is in place. Ask how often it is updated and where it is installed. Your IT team can help massively in the protection of your practice, but don't leave it to chance or simply assume everything is in place.

In conclusion

Of the three above, the easiest and most important step is to train your staff. Take a step back. Look at the issue as a business issue, not a technology issue. It is recommended that this training is undertaken by a third party and is not merely focused on your IT team. Everyone needs to understand the importance of good security, and ensuring this is considered across all aspects of the practice is important.

Remember: cybercriminals have done what everyone has done. They've gone online. The problem isn't going away and all that we can do is weather the storm. Those who will survive are the ones who are prepared for that storm.

About the Author:


Gary Hibberd was appointed as Managing Director of Agenci back in 2012. Gary’s passion for all things cyber was sparked in 1985 when he began his career as a programmer. As a result of that passion, Gary went on to become a renowned expert on ISO 27001 and GDPR. Today, Gary is a passionate practitioner and regular speaker on cyber security.

Gary speaks across the globe to both large and small businesses as well as private and public organisations. He loves to engage the next generation of cyber experts, speaking in schools, colleges and universities. As part of his busy life, Gary has authored books on cyber security and business continuity as well as contributing to government initiatives on cyber security and counter terrorism. If that wasn’t enough, in his personal life Gary is an avid obstacle race participant and fitness fanatic. Gary can count the World’s Longest Obstacle Race amongst his many personal achievements.
