Cybercrime represents the single biggest threat to the legal sector, a major new study has revealed.
The finding forms part of the University of Portsmouth’s Centre for Counter Fraud Studies research into risks faced by law firms in 2019.
Although all kinds of law firms are vulnerable to attacks, the study reveals that the largest of firms are most at risk.
In fact, 100 per cent of firms studied with a turnover of between £1 million and £10 million were found to be “wide open” to having their domains “spoofed” – the act of disguising a communication or platform from an unknown source as being from a known, trusted source.
Spoofed communications are used to send spam, for phishing attempts or sending otherwise fraudulent emails either internally or externally.
The risk of spoofing decreases slightly to 90 per cent when including the smallest firms, the study adds.
According to the report, larger law firms are particularly prone to hackers taking over their digital identity to commit cybercrimes because cybersecurity is not prioritised by upper management. The research found several instances where law firms had “failed to update servers”, were using redundant security tools and had allowed antivirus software to expire.
The research also found that eight of the 200 law firms reviewed were using digital services “known to be vulnerable to hackers”.
Commenting on the report, the authors said cybersecurity represented “a significant threat to business continuity and domain ownership”.
“It is clear that there is an epidemic of fraud and cybercrime in the UK, and this research proves that law firms are, perhaps surprisingly, still seriously exposed,” they said. “For an industry that is so closely associated with diligence and detail, the results are likely to come as a shock.”
The report added: “Firms would do well to review their resilience. Cyber-criminals need only a sliver of vulnerability to fraudulently gain access to valuable and sensitive data; are the UK’s law firms leaving the door open?”
The study comes after the Solicitors Regulation Authority (SRA) revealed that nearly a third of all law firms had been targeted by scammers in 2018.
For help and advice with cybersecurity, please get in touch with our team.