8 Phishing Strategies Hackers Use to Infiltrate Your Law Firm

Phishing attacks are surging out of control, and 97% of law firm staff cannot identify a phishing attack. Falling victim to a phishing attack costs firms millions of dollars, destroys reputations, and sends clients running for the hills if they learn of it. Leading cybersecurity expert Michael Glasser, EVP of Frontline Managed Services, shared top tips for how law firm staff can protect against phishing attacks and identify the strategies hackers use to gain access to firm and client data. Here are some of the top tips Michael shared on the webinar:

Tips to Avoid Being a Victim of Phishing

Be aware that your law firm is a target for attackers.

Law firms are considered “honey pots” for attackers and are prime targets. According to the ABA, 1 out of every 4 law practices is a victim of phishing attacks and, last year alone, 25% of firms reported that they had experienced a data breach. With the average cost of an attack being 4.24 million for the average-size organization in 2021, cybersecurity is something that law firms are taking very seriously in 2022 as attacks continue to escalate.

Create a culture around cybersecurity.

Law firm staff are the front line of defense for a firm’s data. Even with all the appropriate hardware and software security measures in place, one wrong click from an employee can open the doors to a ransomware attack. It is critical to create a “see something, say something” environment in the law firm by empowering employees with the knowledge of how to avoid falling victim to a phishing attack and what steps they should take if they inadvertently do. An excellent way to provide this knowledge is through monthly cybersecurity awareness training.

Always pause and assess an email or text message for red flags before clicking a link or attachment.

One of the reasons law firms are such a target is that attackers know the breakneck speed at which law firm staff operate. If you are rushing to reply to an email, attackers know that you will likely miss the red flags and fall into their trap. Instead, make it a habit to pause before taking action and scan the email for one of the red flags Michael describes on the webinar.

If you see something, say something.

Cybersecurity is no longer only the responsibility of your IT staff; it is critical that everyone within your law firm understands that they have a responsibility to help protect the firm against phishing attacks. Your firm is only as strong as your weakest link. If you realize that you clicked on a phishing email, it’s very important to speak up and tell your IT provider what happened. If you wait and don’t tell anyone, it could make the problem worse and will give the attacker time to gain access to more firm data and cause more damage. Reporting the potential data breach as quickly as possible is the best thing you can do, so that action can be taken to stop the attacker and warn others in your firm.

Always verify with the sender before you click a suspicious email.

Should you receive an email that appears odd or suspicious but seems to be from someone you know, pick up the phone and give them a call before you take any action such as sending funds, clicking a link, or opening an attachment. The best way to verify that the suspicious email you received is legitimate is by calling the sender directly to verify they sent the email.