Lawyers Must Recognise the Value of their Data and Take Security Precautions
- Guest Blog by Richard De Vere, Principal Consultant, The AntiSocial Engineer Limited
Whilst content in our 9 – 5 employment, slightly resentful that our personal activities aren’t getting the attention they deserve, it’s easy to forget about the true value of things around us – especially their inherent value to other walks of life. Similar to a life of slavery in ‘The Matrix’, we start to just see the ones and zeros, contracts, PDFs, ledgers and scribbled notes.
It’s hard to imagine a criminal world where there are no regular pay cheques, no need to wear a suit, people making up the rules as they go along, no Christmas parties, no AGMs and so forth. It’s all just so alien to our mindset in business that we feel we have no reason to focus on these carefree, parasitic lifestyles. But we should, or else our ignorance could be our downfall.
Hackers, cyber-criminals, fraudsters or whatever they get labelled, are just people in search of a slightly better-off life. Based on all the crooks I’ve met, the thing nearly all of them have in common is a blunt ‘laziness’.
I’m reminded of the following quote by Bill Gates: “I choose a lazy person to do a hard job. Because a lazy person will find an easy way to do it.”
This quote sums up perfectly why a criminal would rather target your law firm. Criminals after credit card data target hotels – i.e. the aggregators of these details. Criminals after sensitive data for extortion, or after victims who regularly transfer large sums of money, target law firms. These hubs of commerce are fast becoming centres of illegal industry and are big targets.
It’s about time that law firms analysed the security risks and firmly instituted preventive measures. By this I don’t mean a new device or an extra padlock on the filing cupboard! It’s time to embed a real security culture and set its implementation in motion.
This said, it’s not all doom and gloom. The best defence is knowing where the security risks in the organisation are, and being aware of the tricks of the ‘criminal’ trade and the variety of ways in which they will target you, ‘the individual’, so that the necessary measures can be taken. Let’s take a look:
These emails are hard to spot, so as a rule, NEVER make a bank transfer based on an email request.
Documents, data and processes that are considered routine by lawyers are often extremely valuable to cyber criminals. Firms must be acutely mindful of this, and of the fact that criminals are adept at using deception and manipulation to obtain the data for their own financial gain. A well-rounded awareness of breach methods and approach to security is essential.
About Richard De Vere
Richard De Vere (@AntiSocial_Eng) is the Principal Consultant for The AntiSocial Engineer Limited. He has an extensive background in penetration testing and social engineering assessments, including ‘red team’, ‘phishing’ and ‘smishing’ exercises, and information gathering assessments for financial institutions and some of the UK’s largest companies.