For most law firms, ransomware is just another cyber threat. And, as we all know when it comes to all cyber threats, an anti-virus, firewall, traditional SA&T, and a positive “it won’t happen to us” attitude are enough to ward them off, right?
Wrong. Very, very wrong.
But anyone that attended our free webinar, “How to attack law firms using ransomware”, already knows that. It’s available to watch on demand—so you can’t use your busy schedule as an excuse to stay in the dark.
Of course, that’s not the only take away from our webinar. Here are a couple of pills that lawyers found difficult to swallow:
1. Most lawyers are not “digital natives”, and cyber criminals know that
Come on, an industry that still relies on briefcases probably isn’t super tech-savvy.
Needless to say, that makes the legal sector particularly vulnerable to cyber attacks. At a time when hybrid and remote working is taking over, having people using tech that they aren’t adequately prepared to navigate safely isn’t exactly ideal.
Basic cyber hygiene—getting people to set a passphrase, encrypt files, and use two-factor authentication (2FA)—is a great starting point. But most law firms aren’t even there yet. Much less at the point where their people can spot ransomware emails. And that’s concerning, to say the least.
2. They don’t take confidentiality as seriously as they claim
For lawyers, there are few things more important than client privilege.
The legal sector allegedly takes confidentiality seriously. But that all seems to go out the window once data breach is concerned. Law firms just aren’t keeping up with human layer security. Which means they aren’t taking the right measures to protect client data—and, therefore, uphold their privilege.
To make matters worse, according to Jonathan Armstrong—Partner at Cordery Compliance—some law firms opt to pay the ransom. Why’s that so bad? Because it doesn’t guarantee that client data won’t end up in the dark web anyway.
And it makes the industry even more prone to attack because criminals know it’ll be worth their while.
3. Cyber criminals are more sophisticated than lawyers
No one ever believes they’ll fall for a scam. Until they do.
Listen, we’re not talking about the “Long-lost Prince” scams you can sniff from a mile away. We’re talking sophisticated social engineering attacks that people probably won’t see coming.
These attacks are tailored to your industry, organization, and to you. And if spotting malicious emails was tough before COVID, it’s much, much harder now that there isn’t anyone by the water cooler to double-check with before clicking.
Want to experience all the mic drop moments from the webinar yourself? Watch it here.
e webinar, ‘How to attack law firms using ransomware’.