Why law firms are a “treasure trove” for hackers

It has come to our attention that law firms are under increased pressure to secure their data after a growing number of information security lapses.

Just last week it was revealed that the ICO investigated 173 law firms in 2014 for potential data breaches.

Whether law firms have businesses or individuals as their clients, there are definite gains to be made for successful hackers.

Highly sensitive information

Law firms are often seen as a point of entry to access clients’ patents, unreleased business plans, sensitive corporate financial information, delicate personal information, company secrets, business strategies and intellectual property.

Not only can hackers use this information for extortion and resale, they can also use it to blackmail the client or to formulate a social engineering attack against them.

According to Harvey Rishikof, co-chairman of the American Bar Association Cybersecurity Legal Task Force, “Law firms are very attractive targets. They have information from clients on deal negotiations which adversaries have a keen interest in. They’re a treasure trove that is extremely attractive to criminals, foreign governments, adversaries and intelligence entities.”

Lawyer working habits

At one time, client files were kept under lock and key in filing cabinets, or even in underground vaults. Now, lawyers use a multitude of devices to access information on the go, many of which are not encrypted.

According to the International Legal Technology Association 2014 Survey:

47% of law firms do not encrypt laptop hard drives
62% do not encrypt removable media (e.g. USB drives)
86% do not encrypt desktop hard drives
81% do not employ advanced threat protection
90% have no phishing/social engineering testing of users

Timothy Hill, technology policy adviser at the Law Society, said firms needed to start taking cyber threats seriously. Failure to do so, he said, could not only result in direct financial loss but also reputational damage.

ISO 27001

Many law firms are now implementing an ISO 27001-compliant information security management system (ISMS) to manage their sensitive information better while also proving to their clients that they take information security seriously. In fact, four of the top UK law firms have achieved certification to the Standard, including DLA Piper, Clifford Chance, Linklaters, and Allen & Overy.


If you’re a law firm looking to improve data protection compliance or security, contact JMS Secure Data for a FREE Data Protection Health Check to identify any non-compliant DPA risks in your business.
Speak to one of our Team Now: Call us on 020 3397 9026 (Opt 1)
