A leading lawyer and security expert has cautioned UK law firms that their failure to tackle online security is leaving clients increasingly vulnerable to hackers, writes Linda Endersby.
London-based Seth Berman, executive managing director of Stroz Friedberg, a global digital risk management and investigations consultancy, adds his warning to growing concern of an escalation in state-sponsored espionage.
"The security and risk landscape is changing rapidly and it's the very nature of law firms that makes them an active target. Firms should, therefore, step up their vigilance and protection," said Berman, a former Assistant US Attorney.
While tried and tested methods for eliciting information, such as Nigerian '419 frauds' that promise millions of dollars in return for personal and bank account details, are still at large, phishing emails are becoming increasingly elaborate and targeted.
Such schemes are now actively used to obtain trade secrets, commercially sensitive information and intellectual property from law firms. There is growing concern information from individual firms' websites and the significant growth in the use of social media networks aimed at professional users, such as LinkedIn, may be used by hackers to gather information, before launching increasingly sophisticated phishing attacks.
Berman continued, "We're facing an increasingly sophisticated array of adversaries, which makes it more important than ever for law firms to recognise the severity of such threats."
Recent reports by UK and US intelligence agencies have suggested China and Russia are putting greater resources behind industrial espionage in an attempt to bolster their commercial interests. Late last year, the FBI reportedly convened a group of 200 New York firms, in an attempt to underscore the heightened risk of cyber-attacks and hacking.
Berman added: "Corporates have a statutory duty to address such threats, by safeguarding all confidential and sensitive information. There is no doubt most law firms recognise their own obligations and have taken steps to shield client data."
"But the sector is unusual in the way it deals with information, which sees personal details of individual partners, associates and lawyers readily available on firms' websites. Law firms need to realise that they are being targeted and must tailor policies and training to address this threat," he concluded.