Law firms are perfect targets for cyber attacks

September 28, 2016 10:16 am

“Dear Clients, it is almost a daily occurrence that we read about cyber-attacks in the news. We regret to tell you that, on or around September 3, 2015, our firm was the victim of a single cyber-attack.”

Does this email look familiar to you? It’s no surprise if so, as a shocking 80% of the biggest law firms in the country have been hacked since 2011. Law firms are prime targets for data breaches.

Why are law firms targeted by cyber-criminals?

Law firms are often targeted because of the data they hold including:

  1. Trade secrets
  2. Undisclosed mergers and acquisitions
  3. Intellectual property
  4. Litigation plans
  5. Finances
  6. Confidential client information

The most common type of cyber attack is known as spear phishing where a targeted email is sent out aimed at a specific firm and the individual is tricked into clicking on a malicious link or downloading a malicious attachment.

SiteLock has put together an interesting infographic related to this matter called, ‘Law Firm Data Breaches [Infographic]’

What firms are most at risk?

All law firms, not matter size or specialism are vulnerable and let’s be honest, a security breach is the last thing that any lawyer wants to admit to their client. Even though cyber hacking is an issue for a wide range of businesses/industries and clients tend to be sympathetic, no one likes having that potentially awkward conversation.

Cybersecurity training is essential

The Government and Law Society are constantly urging solicitors to develop the skills required to protect not only themselves but also clients from cyber-attacks.

Solicitors should all have adequate training that helps them to prevent information breaches and other threats that could end up costing thousands, and in some cases millions, of pounds.

Law Society deputy vice-president Robert Bourns, said, “Cybercrime has the potential to compromise both clients’ and solicitors’ sensitive data. Training to raise awareness and understanding for all involved in practice is an important part of protection.”

Have you heard about the Cyber Security Information Sharing Partnership?

The Cyber Security Information Sharing Partnership, otherwise known as CISP, is a joint initiative between the industry and Government. The aim is to share any cyber threats and information relating to vulnerability so that there is an increased awareness of cyber-threats and ultimately reduce the impact on businesses in the UK.

Are you taking the basic precautions against cyber-attacks?

With the SRA constantly sending cyber attack alerts, it is amazing that some firms are still failing to take basic precautions against cyber-attacks. As discussed above, if there is a serious lack of training professionals on the dangers of cyber security and no proof of delivering a consistent message to protect critical client data, firms leave themselves open and become an easy target.

By firms putting in place a routine check, especially those who undertake conveyancing, they can avoid:

  1. Increased insurance premiums
  2. Professional indemnity claims
  3. Internal stresses
  4. Reputation and brand damage – possibly the most important factor.

For far too many conveyancers the phrase, “I know most of the firms I’m dealing with”, forms a worryingly significant part of the due diligence process. Back in the day, the conveyancing industry was based on trust, but unfortunately, due to the advancements in technology and substantial amounts of cash becoming redundant, this strategy can no longer be relied on.

Clients are at risk too…

It’s not just law firms and conveyancers who are opening themselves up to personal and professional risk, the threat of client’s monies going astray is also increased. Let us think back to the case of Santander v RA Legal as this just goes to show how devastating fraudulent activities in ‘Vendor Conveyancing Fraud’ can be. Taken from the Lawyer Checker blog,

“The judgement stressed that the burden of proving the conveyancer acted ‘reasonably’ is on the defendant; it should take into account all elements of reasonableness in its broadest term, rather than whether the loss would have not occurred ‘but for’ the conveyancing failures.”

In the worst case scenario, some firms have to ‘shut up shop’. A deposit for a property may be able to be brushed underneath the carpet whereas the loss of the full value of the property cannot. You may be thinking that your personal indemnity insurer will cover the costs but there is a high chance that premiums would massively increase (sometimes double) and it is this that can cause potentially devastating effects in the long term.

Are firms with a low public profile at risk?

Cybercrime prioritises targeting those who are the most vulnerable. Even forms with a low public profile are not safe. If data does not appear valuable, in the cybercriminals eyes it can still be stolen and ransomed. Another thing to take into consideration is that most of this crime is committed digitally, making it almost impossible to police. Police simply do not have the resources to trace the attack.

Paul Tucker, Business Development Manager at Lawyer Checker, said, “Doing due diligence alone is not sufficient, there must be a risk management process in place to underpin the due diligence process. No one is able to stick their head in the sand and say you didn’t know the risks. The courts will not find this acceptable and neither will your professional indemnity insurers.

“If a problem occurs, you have to show you did everything reasonable to establish the identity of the other side. Your risk management processes need to be robust; they have to be clear and logical for the staff to follow and all grey areas, need to be eliminated. Having spoken to Insurers and Brokers recently, it is clear that they are keen to hear from firms that they have policies and processes in place to manage the transactional risks involved in a conveyancing transaction.”

How can Lawyer Checker help?

Lawyer Checker is an online service which provides risk management solutions to the conveyancing industry.Their checks enable conveyancers to gather detailed information on the conveyancer tow which they are sending money to or their own client they’re dealing with. Conveyancers are able to better assess the associated risks with transferring funds throughout the whole property transaction.

Lawyer Checker also provides firms with the tools that gives them peace of mind that due diligence is in place before releasing the client funds.

Firms are able to check bank details provided and make sure it’s the bank account used for conveyancing transactions. If it is not regularly seen in their database and they cannot give immediate satisfaction to proceed with the transaction in question, Lawyer Checker will provide full due diligence on the firm.

If you would like to talk to the team to find out more about Lawyer Checker, please do not hesitate to call on 0845 481 0325 or email at

Return to Newsfeed