3 cyber threats that can shut down your law firm

07.04.2020

by Field Effect

Get informed and protect your client data and reputation

Each day, the odds of a cyber attack on your law firm increase. From solo firms to the top 100, no one is immune from a targeted attack.

The confidential data stored at your firm is the ultimate prize for cyber criminals. It can be used for identity theft, sold on the dark web, or even used to manipulate the stock market. Protecting this data and your professional reputation at all costs is the highest priority.

Whether it’s phishing emails used to launch ransomware and encrypt or lock your critical files — or fraudulent emails designed to redirect financial funds — your staff, clients, vendors, data, computer systems, and firm are at high risk.

Lost or exposed client data can result in steep fines, time and expense for data recovery, and extended downtime. Losing the ability to retain clients and pursue new business is also a damaging outcome.

In fact, just two years ago, three Chinese stock traders hacked into two New York law firms, loading malware on their computer networks that enabled the attackers to view emails on pending mergers and acquisitions. Armed with this information, the cyber criminals purchased stock in at least three public companies prior to the merger announcements.

Believing your practice won’t be targeted is possibly the worst business assumption you can make. If you suffered a cyber attack and a breach of sensitive data, how would you disclose this to clients? How would you maintain your reputation? What fines would you be required to pay?

It’s time to understand the cyber threats targeting your law firm.

Top cyber threats targeting your law firm today


Phishing

Phishing is a cyber attack method that attempts to gather personal information — usernames, passwords, credit card details, even bank account numbers — using deceptive emails and links to malicious websites.

In fact, over 90% of the time, phishing emails are behind successful cyber attacks. There are 1.5 million new phishing websites created every month. In the first half of 2019, 1,900 potential phishing domains were registered — an increase of 14% over the first half of 2018.

Phishing relies on realistic-looking emails to fool recipients into clicking a link or opening an attachment in the email.

Here are just a few examples of phishing’s impact on law firms:

  • A 2018 report by the National Cyber Security Centre revealed that phishing is the most common cyber attack affecting the legal sector.
  • More than 100 law firms in 14 states have submitted security breach reports since 2014 — many of the breaches were attributed to phishing.
  • A 2019 Solicitors Regulation Authority report revealed that of the 52% of UK law firms that experienced cyber attacks, 80% were phishing attacks. The same report showed that 100% of the top 10 firms suffered a phishing attack.


Ransomware

Ransomware is malicious software designed to encrypt your computer files, emails, and other data until a ransom is paid. Strains of ransomware can completely lock your computers and devices, preventing any access to your systems. Cyber criminals are also using two-stage ransomware extortion — attacks known as “doxware” and “extortionware” — that first restrict access to your data, and then threaten to disclose the sensitive data to the public.

The U.S. Department of Justice (DOJ) has described ransomware as a new business model for cybercrime, and a global phenomenon. This year, ransomware attacks are predicted to be more organized, targeted, and malicious. Cybersecurity Ventures predicts that by next year, a business will fall victim to a ransomware attack every 11 seconds.

Not convinced ransomware will target your law firm?

Here are just a few recent ransomware attacks on the legal profession:

  • Hackers launched a ransomware attack on a Providence law firm last year, locking down its database for more than three months. After a $25,000 ransom was paid, the attackers failed to provide a workable key to decrypt the files. After the law firm’s insurer denied a claim for lost billings, the law firm sued for breach of contract and bad faith.
  • The Georgia Administrative Office of the Courts shut down its online services in July after a ransomware attack. All georgiacourts.gov websites were inaccessible. It’s unclear how many computers and court services were affected.
  • Malware struck Philadelphia’s online court system last May, forcing the court to take its website, document filing systems and email servers offline for weeks.

Business email compromise and email fraud

Business email compromise (BEC) and email fraud have quickly become expensive cyber risks.

BEC typically targets a company’s financial and procurement departments or a business owner. This type of email attack attempts to initiate a financial transfer to an attacker-controlled account.

The tactics are effective. BEC attacks can result in losses of hundreds of thousands, or even billions, of dollars. According to the Federal Bureau of Investigation (FBI), BEC scams caused losses of over $1.2 billion for victims in 2018.

Here are a few examples of email fraud attacks on law firms:

  • Clients of one New York attorney were fooled into wiring nearly $2 million to Chinese hackers.
  • Jenner & Block and Proskauer Rose, two of the more than 100 law firms in 14 states that have reported data breaches since 2014, were also victims of email scams. Both firms reported they were victimized by what appeared to be legitimate requests for W-2 forms — employees’ W-2 forms were “mistakenly transmitted to an unauthorized recipient” in 2017 based on what appeared to be a legitimate management request. The incident may have exposed Social Security numbers, salaries, and other personal information for 859 people.
  • Proskauer also reported a breach of W-2 information in 2016 when a payroll employee responded to what was believed to be an email request from a senior executive. More than 1,500 people were affected.
  • Three other law firms among the 100 — Harris Beach, McGlinchey Stafford, and Sanford Heisler Sharp — also reported unauthorized access to email accounts.

Is your law firm safe from cyber attacks? Find out.

Don’t let a cyber attack take your law firm down. Your clients’ trust and your reputation are too important to risk — take control of your cyber security now.

Contact our cyber security experts today for a free consultation to identify the security protection you need and how to easily put it in place.

