While many firms have risen to the challenge of securing a remote workforce, some may not aware of the evolving threats on the horizon—or in their inboxes.
- 5 Security Measures Law Firms Must Have
- About Frontline
- Admin Training Videos
- Administrative Managed Services
- Application & Technologies
- Arctic Wolf
- Baseline Assessment Review
- Calendar
- Careers
- Client Training Videos
- Contact
- Contact Thank You
- Events
- Financial Managed Services
- Frontline Home
- Frontline Home
- Insights
- IQTrack
- iRIS
- IT Managed Services
- App Development for Law Firms | Frontline Managed Services
- Cybersecurity Services for Law Firms | Frontline Managed Services
- Help Desk
- IT Administration Services for Law Firms | Frontline Managed Services
- IT Engineering Services for Law Firms | Frontline Managed Services
- IT Legal Operations Powered by ServiceNow
- Managed IT Services Solutions
- Network Monitoring Services for Law Firms | Frontline Managed Services
- Legal Cybersecurity: How to Protect Your Firm Against Rising Threats
- Litigation Services
- Login
- Office in a Box
- Press
- Privacy Policy
- Safeguard Your Law Firm: Key Steps for Law Firms to Implement and Maintain Effective Security Policies
- Skillbuilder
- System Status
- Webinars
- #5823 (no title)
- 4 Ways Law Firms are Saving Billable Time and Increasing Cash Flow Through Automation
- 8 Critical Aspects of Cybersecurity Training for New Law Firm Employees
- 8 Phishing Strategies Hackers Use to Infiltrate Your Law Firm
- Effective eBilling Solutions for Law Firms
- Increase Profitability and Free Up Billable Time by Optimizing Your Cash Cycle
- Is Your Backup Protecting Your Firm’s Data? 4 Critical Aspects of a Successful Disaster Recovery Plan
- Looking Ahead While Looking Back: Best Practices Road Map for A/R in 2023
- Maintaining A/R Stability During Crisis Instability
- Mobile Devices & Social Media – Discovery Considerations for ESI Preservations
- Optimizing the Client Intake to Cash Process: Best Practices to Maximize Firm Profits
- People, Process, and Technology in a Work from Home Environment
- Ransomware Realities
- Secure Your Firm’s Data
- Security Resource Constraint – A Modern Problem for Legal Presented by Frontline Managed Services & Arctic Wolf
- Virtual Lunch & Learn: Top Tools Law Firms Can Leverage to Work Seamlessly From Anywhere
- 5 Security Measures Law Firms Must Have
- About Frontline
- Admin Training Videos
- Administrative Managed Services
- Application & Technologies
- Arctic Wolf
- Baseline Assessment Review
- Calendar
- Careers
- Client Training Videos
- Contact
- Contact Thank You
- Events
- Financial Managed Services
- Frontline Home
- Frontline Home
- Insights
- IQTrack
- iRIS
- IT Managed Services
- App Development for Law Firms | Frontline Managed Services
- Cybersecurity Services for Law Firms | Frontline Managed Services
- Help Desk
- IT Administration Services for Law Firms | Frontline Managed Services
- IT Engineering Services for Law Firms | Frontline Managed Services
- IT Legal Operations Powered by ServiceNow
- Managed IT Services Solutions
- Network Monitoring Services for Law Firms | Frontline Managed Services
- Legal Cybersecurity: How to Protect Your Firm Against Rising Threats
- Litigation Services
- Login
- Office in a Box
- Press
- Privacy Policy
- Safeguard Your Law Firm: Key Steps for Law Firms to Implement and Maintain Effective Security Policies
- Skillbuilder
- System Status
- Webinars
- #5823 (no title)
- 4 Ways Law Firms are Saving Billable Time and Increasing Cash Flow Through Automation
- 8 Critical Aspects of Cybersecurity Training for New Law Firm Employees
- 8 Phishing Strategies Hackers Use to Infiltrate Your Law Firm
- Effective eBilling Solutions for Law Firms
- Increase Profitability and Free Up Billable Time by Optimizing Your Cash Cycle
- Is Your Backup Protecting Your Firm’s Data? 4 Critical Aspects of a Successful Disaster Recovery Plan
- Looking Ahead While Looking Back: Best Practices Road Map for A/R in 2023
- Maintaining A/R Stability During Crisis Instability
- Mobile Devices & Social Media – Discovery Considerations for ESI Preservations
- Optimizing the Client Intake to Cash Process: Best Practices to Maximize Firm Profits
- People, Process, and Technology in a Work from Home Environment
- Ransomware Realities
- Secure Your Firm’s Data
- Security Resource Constraint – A Modern Problem for Legal Presented by Frontline Managed Services & Arctic Wolf
- Virtual Lunch & Learn: Top Tools Law Firms Can Leverage to Work Seamlessly From Anywhere
Unfinished Business: The Pandemic Cybersecurity Gaps Firms Haven’t Filled
How the Pandemic Affected Cybersecurity
Business disruption plans weren’t made for a pandemic. And neither were law firms’ cybersecurity. The transition to a remote workforce last year left many firms scrambling to address their heightened cyber risks and plug vulnerabilities in their IT systems.
Almost two years later, however, it’s clear that firms have made great progress closing the gap. They’ve gotten their employees set up with secure devices, implemented VPNs, and expanded the frequency and scope of cybersecurity training, among other measures, all while tailoring those fixes to a more remote workforce.
But for all their success in meeting the challenge, a few worrisome oversights still remain. And it’s possible that some firms don’t even know they exist in the first place.
State-of-the-Art Phishing Scams
For one thing, firms may be underestimating just how advanced some phishing scams have recently become. “I think they’ve come a long way from where they were, let’s say December 2019, but there’s still a couple of gaps. One is they don’t understand how sophisticated these attacks are and how much harder they are to distinguish from what they would consider to be legitimate senders of legitimate traffic,” said Mark Sangster, vice president and industry security strategist for detection and response provider eSentire Inc.
He added, “I don’t know that they’ve truly come to terms with the adversary they face and how sophisticated, how targeted and how dedicated these criminal groups are.”
As one example, he pointed to a cyberattack in June of this year, where a cybercrime group named FIN7 tricked a firm into opening a fake legal complaint purporting to be from the Brown–Forman Corporation, a wine and spirits company. The email was not picked up by the firm’s spam filters, nor flagged as suspicious by firm employees, according to eSentire.
Such sophisticated attacks are even more troublesome because some firms, primarily smaller ones, still aren’t placing enough emphasis on cybersecurity training. “Many smaller firms aren’t… making sure their employees have a cybersecurity posture by using security awareness training, and sending out spam and spoofing emails to test their employees,” said Michael Glasser, equity partner at Frontline Managed Services.
He added, “I think a lot of smaller firms are still under the impression that ‘it can’t happen to me.’”
Staying on Top of Cyberattacks
Training is most valuable if firms keep aware of the evolving ways cyberattackers are attempting to infiltrate them. “Whether they’re a small firm or medium-sized firm, they’ve always got to be on top of what’s going on in the industry so they can properly train their people,” said Gulam Zade, chief legal officer at Frontline Managed Services.
But it’s not just hyper-targeted phishing scams that demand more law firm attention. Sangster noted that law firm-specific infrastructure could also come under more threat in the near future.
“So in 2021, I called that the year of IT utility and infrastructure attacks. We had SolarWinds, Kaseya, and Microsoft and Citrix—all of those [companies] were all attacked and when their systems were infiltrated then the criminals could use those trusted systems to then infiltrate their client base, [which included] law firms in this case,” he said.
“What I predict is going to happen, and 2022 could be the year for it, is an attack where criminals target a specific infrastructure within a law firm. … So what happens, as an example, when they target a specific document management system or a specific time and billing system, and they are able to discover a vulnerability?”
The Growing Role of IT Services in the Legal Industry
To be sure, many firms are paying attention to the security of the legal tech systems they employ, and many legal tech companies have also made cybersecurity a priority in their products. But Sangster cautioned that “some of these vendors don’t have the same level of resources as major players like Microsoft or Citrix, so they need to be extra diligent.”
Unfortunately, it’s not an unrealistic scenario—just last year, both an e-discovery provider and a case management tool were hit by ransomware attacks.
By: Rhys Dipshan
Read full article here.