Thank you for sharing!

Your article was successfully shared with the contacts you provided.

If the movies formed your understanding of cybersecurity threats against the legal profession, you would believe that criminal syndicates are hacking into law firms constantly. These organizations would apparently have endless technology and gadgets, penetrating networks using the most sophisticated “James Bond” techniques that even the best defenses in the world could not possibly thwart. Recent news reports do not paint a much better picture of the many “bad guys” getting access to confidential information and data entrusted to both big and small law firms. The reality is different and much less glamorous and sophisticated than we see in the media.

The truth is, however, that law firms are responsible for safekeeping some of the most valuable, sensitive and highly confidential information of companies and individuals. The breadth and value of that information makes them a lucrative target for so many different types of bad guys that span almost every human threat vector one can model. The other reality is that, while most of these attackers are motivated, very few of them have evil lairs filled with supercomputers and spy gadgets in their arsenal. Unlike the movies, however, they unfortunately do not need those tools to be successful bad guys against law firms.

The Threat

“Social engineering” is the human side of hacking that does not involve the cracking of passcodes or infiltration of networks. It uses information a bad guy may have gained by, for instance, utilizing a public search engine to find out about a partner, associate, employee or client or even a case or a corporate or real estate transaction, and convincing an individual to click on a malicious (though seemingly bona fide) file directed at them by using accurate information that was easily uncovered from routine Internet searches. Once the file is clicked, all the external “super” defenses the law firm has put in place, such as firewalls, spam filters and dual authentication, have little chance of stopping the theft. Social engineering is targeted at all levels of a firm from the receptionist, paralegals, accounting staff, lawyers, to even the firm’s information technology professionals. It is the single most effective and actively used method by the bad guys in targeting law firms. It is also the cheapest and easiest to effectuate, thus allowing even low-level crooks to be successful.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.