In 2018 alone, 1,244 data breaches occurred in the United States, resulting in the exposure of more than 446 million records. Although the legal sector does not fall within the industries most likely to be targeted in a cyberattack, data reveals that more than one in five law firms have experienced a data breach. According to the FBI, law firms are “one-stop shops” for hackers because of the sheer amount and variety of client data they carry, so the frequency of attacks is likely to increase in the following years if proper cybersecurity precautions are not implemented. Like many of their peers in other parts of the country, some Orange County lawyers may be thinking, “But that won’t happen to me.” The following cyberattacks targeted organizations in OC, and it may just be a matter of time before they hit law firms next:
#1 Phishing
In a phishing scam, attackers disguise themselves as trustworthy entities to fool victims into providing sensitive information, such as their usernames, passwords, and credit card information. Phishing usually happens through email, although it can also occur on social media and other channels. One recent example of a phishing attack happened just this March, causing a breach that exposed the personal data of over 1,000 Orange County Sanitation District retirees. Because they rely heavily on email for communication, law firms are especially vulnerable to phishing and email hacking. Attorneys or their clients usually receive an official-looking email requiring them to do something, like click on a hyperlink or visit a specific URL. Clients of a Colorado-based law firm received an email that carried a PDF document. Clicking on the file led them to a phishing website.
#2 Ransomware
Ransomware is a type of malware that blocks access to your files and demands money to restore it. Paying up doesn’t solve the problem, though, because the software often corrupts or encrypts your files for good anyway. This type of attack can have devastating consequences; in April, OC public offices went out of service for several days because of ransomware that also affected parts of Michigan and New York. In 2017, global law firm DLA Piper became one of several major organizations that fell victim to a massive ransomware attack. The damage was so great that the firm, a company with offices in more than 40 countries, had to resort to text messaging and other ’90s-era technology for communication.
#3 Data leak
In 2018, about 2,800 members of the Girl Scouts of Orange County received a letter informing them that an unknown party may have obtained their personal information, including names, dates of birth, home addresses, insurance policy numbers, and health histories. The breach occurred after the crooks gained access to an organization email address. A similar event happened to Duncan Lewis in the same year. Hackers infiltrated the British firm’s IT system, harvested data, and attempted to spread sensitive staff and client information over Twitter.
The best solution is IT
Orange County law firms are not invulnerable to cyberattacks, but the risks can be managed effectively with the right IT security measures and investments. Experts recommend the following to augment your law firm’s protection against cyberattacks:
- Antivirus and malware protection – These applications detect, isolate, and destroy computer viruses that may corrupt your files. Some offer basic protection at no cost, but you’ll have to pay for the entire suite of products to take advantage of all its features.
- Data encryption – If you have employees who work remotely, do look into encrypting your files. This renders information sent to and from your devices via the internet unreadable to third parties, preventing data from making sense to anyone outside your organization.
- Email patches – Email platforms usually have their own security features, but you’ll need to keep them updated. Patches ensure that all measures intended to protect your data from the latest security threats are in place.
- Cloud storage – The cloud is a pool of servers in which you can store your files and applications. Thanks to its sophisticated firewalls, the cloud is highly resistant to cyberattacks, making it one of the most secure places for your data. Cloud service providers (CSPs) can create backups of your data so you can recover them following a disaster or ransomware attack.
- Employee training – Even the most advanced IT systems will fail in the hands of careless users. For this reason, it’s important that you educate yourself and your staff in cybersecurity best practices and protocols.
- Managed services providers (MSPs) – MSPs handle all your IT needs at a fixed monthly cost. The services they offer include monitoring your IT system for threats and potential vulnerabilities, preventing attacks from happening.