Cyber Threats Facing Legal Services: Phishing, Malware & Ransomware

Written by Maryam Khan
Written by Maryam Khan


case management software, practice management software, legal accounting software, legaltech, technology for lawyers, case management, immigration, london, united kingdomcase management software, practice management software, legal accounting software, legaltech, technology for lawyers, case management, immigration, london, united kingdom

Storing information and maintaining confidentiality is key to a law firm’s business. While representing high-profile clients on headline cases, law firms harbour data directly linked to sensitive personal and financial information relating to public figures, political matters, and private and public organisations. As a result, the legal sector is experiencing significant growth in cyber-attack risks.


Hackers attempt to gain access to private information through technical vulnerabilities within the law firm’s security network system or through sending corrupted links via email. Once this information is accessed, the confidential information is leveraged for financial gain, which is a key motivation for cyberattacks [1]. Law firms are also considered easy targets as many still use outdated systems and have inefficient cyber security policies.


Data breaches are now costing law firms millions each year, making it essential for law firms to understand these threats and prevent common vulnerabilities that could impact their reputation [2].


Understanding Cybersecurity Threats



Malware is a malicious file that launches software designed to damage and destroy a computer system. Common examples of malware include viruses, worms, spyware, adware and ransomware. Once the malicious file has been downloaded, malware can self-replicate and insert itself into other programs or files, infecting them in the process as well [3]. A computer may be infected with malware if its performance has become very slow, if the browser continues to redirect you to websites you did not intend to visit, if you receive infection warnings followed by solicitations to buy something to fix them, if you’re seeing frequent pop-up ads or if you are experiencing problems shutting down or starting your computer [4].




Phishing is a cybercrime via email, where hackers impersonate employees and pose as trusted senders to fool recipients into sending over sensitive or confidential information. Hackers normally send a corrupted link with spoofed login pages [5]. Phishing can either happen through malicious attachments or links to malicious websites, often clones of legitimate ones. While most phishing emails are sent randomly to many recipients, some targeted attacks are known as ‘spear phishing’ [6]. Here, specific individuals from specific organisations are targeted to gain access to a particular set of information. Another common type of phishing is business email compromise, where emails are sent in the form of urgent requests purporting to be from a senior associate or partner to fool a paralegal or a trainee solicitor into wiring money to the wrong recipient or disclosing confidential business information [7].


The best way to spot a phishing attack is to keep an eye out for the following;

1) Emails flagged as highly urgent

2) Spelling and grammar errors

3) Unusual requests for documents or money.

Hackers specifically use incorrect grammar not to get caught by existing technologies within a law firm, such as optical character recognition and anti-phishing algorithms, which can detect such text and block the email.




Ransomware is a form of malware that encrypts data and prevents access to that data until a payment is made [8]. It is a type of malware that uses encryption to hold a victim’s information at ransom. Different ransomware attacks are rapidly increasing to counter preventive technologies, especially within the legal sector, which is worth around £37 billion [9]. Another reason ransomware is becoming prominent is the easy availability of malware kits and new techniques [10]. Now, those looking to attack a law firm or any other organisation no longer need to be tech experts themselves. All they need to do is hire a hacker and give them a cut of the ransom proceeds.


Leading law firm DLA Piper LLP was hit by a ransomware attack that infected hundreds of thousands of computers across their platform. The global cyber event encrypted all affected files and requested a ransom of $300 in bitcoin to regain access or avoid the threat of deletion [11]. US Law firm Jones Day was also hit with a ransomware attack by hacking group Clop after targeting a third-party vendor, making it the second big firm affected by the data breach [12]. These two instances highlight the importance of carrying out due diligence both internally and externally when allowing access to law firm files and client information.


How Can Law Firms Fight These Threats?


Approximately 58% of law firms use cloud technology to manage their operations and client data [13]. Despite the cloud being safer than the physical storage of files and papers, law firms can inevitably fall victim to cloud-based cyberattacks like phishing and malware. While migrating data to the cloud can be extremely beneficial, security risks outweigh these benefits. Therefore, law firms need to work towards achieving greater cloud security by taking the following measures:


Installing Password Managers


According to OpenVPN, 25% of people reuse the same password for everything [14]. This can be a huge risk as it opens law firms to credential stuffing hacks, where leaked credentials are used on another site, giving hackers access to more confidential information [15]. Password managers use browser plug-ins and mobile applications to create, remember and autofill complex, randomly-generated passwords. They identify weak or reused passwords across websites and run a program to rewrite and save new passwords on those sites simultaneously [16]. Using password management software allows lawyers to have secure, unique passwords with the integrated password generator, eliminating the risk of password reuse. Most importantly, passwords are easily accessed while sensitive law firm and client data are protected.


Deploying Multi-Factor Authentication


Simply using one password to authenticate an employee when they log onto a computer can be risky as hackers can guess passwords. It is an even bigger risk if you reuse a single password, as discussed earlier. Therefore, requiring a second or third factor to authenticate employees when accessing law firm networks is essential. These other factors could be a code texted to your phone or biometrics such as your fingerprint or rent scan to access your account [17]. Adding these different layers of security reduces the likelihood of a lawyer being subject to a cyber threat.


Undergoing Security Awareness Training


The Solicitors Regulation Authority’s Cyber Security Review highlights the relationship between cyber security training and mitigation against cyber-attacks [18]. However, cybersecurity is not just the IT department’s responsibility. Everyone within a law firm must have a general knowledge of cybersecurity risks and prevent them and avoid scams [19]. Law firms should consider hiring third-party consulting firms with cybersecurity experience that can tailor the training offered to the firm’s practice, structure and operations.


Developing An Incident Response Plan


An incident response plan is a documented, written plan that helps law firm staff recognise and deal with a cybersecurity attack. Properly creating and managing an incident response plan involves regular updates and training. Every law firm should prepare for an unexpected data breach that could compromise their reputation, client confidence and business. Therefore, incident response plans enable law firms to detect a cyber attack early on and have a tried and tested procedure in place to help tackle it.


Other benefits of having an effective incident response plan includes not making key decisions under pressure as a framework for action has already been developed ahead of time. Other important factors are having timely responses and transparency. An example highlighting this is DLA Piper immediately informing law enforcement after detecting the breach and releasing an announcement online. Regardless of the impact of a data breach, transparency throughout the process is greatly appreciated and solidifies a greater level of trust in the clients’ eyes.


Lastly, an incident report plan should always be prepared once a data breach has been solved to redefine their data security program and breach response strategy for continuous improvement [20].


Why are taking these measures important?


Profit Loss


A cyber attack creates downtime and loss of billable hours. Not only do law firms lose hundreds of thousands in lost billings, but a further loss in bitcoin ransom. There are court costs, expenses and lawsuit fees if a law firm ends up in a dispute with its insurance company, which denies their claim for lost billings due to business interruption [21]. Moreover, there are also lawsuits from clients whose businesses were negatively impacted. All these costs, alongside the downtime resulting in billable hours, have a huge impact on a law firm’s profit margin. Therefore, taking measures to prevent data breaches and other cyber security threats is crucial to the firm’s success and continuous profit growth.


Reputational Damage


It is difficult for law firms to face the heavy media coverage that comes with cybersecurity threats. Many leading law firms and organisations have been in the headlines after a serious data breach as there is a huge element of public interest. The legal sector is built upon strict confidence and trust from clients, making a cybersecurity attack an extremely serious problem that impacts the business of high profile clients. If a law firm is a continuous victim of cybersecurity threats and data breaches, it does not create a good impression for both existing and prospective clients. Clients will either not hire a firm with a history of technical vulnerabilities or switch to one with greater security to avoid any risk.


Cyber Audits


A cyber audit involves a comprehensive review and analysis of your law firm’s IT infrastructure. It highlights any threats and vulnerabilities, exposing weaknesses and high-risk practices. There is a growing trend in clients requesting cyber audits from law firms to meet their cybersecurity expectations before being hired and trusted with sensitive client information [22]. There is a growing demand for cybersecurity protocols amongst clients when hiring law firms, as seen by LogicForce’s report where 34% of law firms reported having to undergo a cyber audit from a client. The report also stated that this percentage is expected to rise to 65% [23]. Therefore, it is also important for law firms to take cybersecurity measures from a client retention and attraction perspective. Clients who value cyber audits are more likely to hire law firms that have greater security measures in place compared to their competitors.


Final Words


While law firms cannot eliminate the risk of cyber threats, they can prevent them. This is why law firms need to ensure that their staff are properly trained in recognising fraudulent emails and a strong security system. A cybercriminal doesn’t look at businesses by industry or by the size of your business; they look for vulnerabilities, which makes it even more important for law firms to take preventive steps.




[1] R. Guilda, ‘How law Firms Can prevent Phishing and Malware’, National Law Review, Volume X, Number 35 (21) at


[2] Ibid


[3] ‘What is Advanced Malware protectin (AMP)?’, Cisco at


[4] ‘What is Malware’, McAfee at


[5] Ibid (1)


[6] ‘Phishing Attacks and How To Avoid Them: Defending against malicious emails and other phishing threats’ IT Governance at


[7] F.Y. Rashid, ‘8 Types of Phishing Attacks and How You Can Identify Them’. CSO (2020) at


[8] Z. Capers, ‘Law Firm Ransomware Attacks: What You Need to Know to Protect Your Practice’, Captera (2021) at


[9] Clive Madders, ‘Exploring The Cyber Threats Facing Legal Services’, Financial Times (2021) at ‘


[10] McAfee, ‘What is Ransomware’ at


[11 Tital File, ‘DLA Piper Ransomware Hack: What Can We Learn From It?’ (2021) at,or%20avoid%20threat%20of%20deletion.


[12] Patrick Smith ‘Jones Day 2nd Big Law Victim of Accellion Breach’, The American Lawyer (2021) at


[13] J. Herman, ‘WHat Law Firms Should Know About Cloud Computing’, Mondaq (2020) at


[14] A. D. Rayome, ‘25% of Employees Use The Same Password For Every Account’, Tech Republic (2018) at


[15] M. Dahan,‘Why you should never reuse the same password’, Comparitech (2020) at,key%20for%20all%20of%20them



[16] Ibid (1)


[17] Dave Kinsey, ‘Multi-Factor Authentication: What Law Firms Need To Understand’ (2020) at

[18] Solicitors Regulation Authority, Cyber Security – A Thematic Review’ (2020) at


[19] Jared Thompson, ‘Why is Security Awareness Training Important For The Legal Sector?’, The Cyber Resilience Centre (2021) at


[20] Travelers Risk Control, ‘Developing a Data Breach Incident Response Pan’, Travelers (2021) at


[21] ‘Law Firm Cyberattacks: Is Your Firm Protected?’, National Law Review, Volume XI, Number 225 (2021) at


[22] Ibid (11)


[23] Ibid


case management software, practice management software, legal accounting software, legaltech, technology for lawyers, case management, immigration, london, united kingdomcase management software, practice management software, legal accounting software, legaltech, technology for lawyers, case management, immigration, london, united kingdom

Similar to this article