The American Bar Association’s 2019 Legal Technology Survey Report states that 36% of surveyed attorneys claimed that their firms’ systems had been infected with viruses, spyware, and/or malware. The legal industry serves as a particularly attractive target to malicious actors due to databases that host troves of sensitive client information along with highly classified case data.
Law firms frequently collect sensitive information, including clients’ social security numbers, property titles and deeds, birth certificates, insurance information, medical history, and financial information (to name a few). Unfortunately, when hackers are able to successfully infiltrate a law firm’s network, they are able to exfiltrate data and lock access to computer systems and client data, resulting in the shutdown of business units or operations.
Hackers are leveraging the shift to remote working and targeting attorneys through sophisticated phishing emails containing malicious attachments that intend to spread malware, such as Emotet.
What is Emotet and How Are Law Firms Susceptible?
Emotet is a well-known malware strain famous for its delivery to victims through Microsoft Office and PDF files. Emotet affected 14% of organizations nationwide in September 2020 and is widely used to distribute other malware or malicious campaigns. Hackers deploying Emotet use sophisticated tactics to disguise their malicious attachments to appear to be invoices, resumes, and financial documents etc. Their latest template, “Red Dawn”, claims that the malicious documents are “protected” and cannot be viewed unless recipients enable editing or content settings, which ultimately triggers the malware.
Opening Documents is an Attorney’s Job
Being able to download, open, review, and share files amongst clients, colleagues, and relevant parties is imperative for attorneys to fulfil their job functions. These documents include litigation documents, written agreements, contracts, bylaws, deeds, and more. The use of advanced social engineering tactics makes it difficult for attorneys to determine what may be a malicious attachment and what may be a legitimate document. Hackers use industry jargon that mimic the type of file or emails legal entities typically engage with in day-to-day activities to further obfuscate their malicious intentions.
Reliance on third-parties
In order to maintain productivity and enhance efficiency, law firms typically engage with third-party organizations such as banking institutions and contracted vendors performing information technology or marketing services. In addition, law firms typically provide services to enterprises across all industries. In order to maintain effective operations, attorneys are frequently engaging with other law firms. Unfortunately, as they transfer documents back and forth they may be exposing each others’ sensitive information if the documents happen to be infected.
Attorneys heavily rely on sharing files with other law firms, third-party vendors, and corporate clients. Hackers continuously seek ways to infiltrate networks and discover vulnerabilities and today’s digital landscape has created vast interconnected ecosystems that allow for widespread security incidents to occur.
Votiro Prevents Malware Penetration and Mitigates Third-Party Risk for Law Firms
Attorney’s legal obligation to preserve confidentiality of client and case information emphasizes the need for law firms to have robust prevention solutions in place. Law firms must prioritize malware prevention solutions in their cyber defense and IT strategies.
Votiro’s Secure File Gateway product line leverages Positive Selection technology and is the only file security solution that ensures all files that enter your organization are completely safe. Votiro’s technology is proven to be highly effective in neutralizing external malicious threats without affecting the integrity and functionality of the original file. Positive Selection technology applies to all files and email files incoming into an organization, whether as attachments, downloads from the web, or uploaded from a client-facing portal.