by Nick Kael
Posted on October 19, 2022
Want to interview Nick?Contact
Absolute trust is the essential basis of the relationship between law firms and their clients. Lawyers steer clients through complex and often sensitive personal and business situations, helping them navigate difficult issues to gain and retain the upper hand in disputes. Law firms must zealously guard the information they hold and demonstrate rock-solid reliability and confidentiality with every action they take. Any security lapse might drive a permanent wedge into the relationship between lawyer and client.
It is therefore surprising – perhaps even shocking – that the cybersecurity standards of many law firms are simply not up to par. Despite law firms being known targets for cyberattacks, most law firms have failed to implement modern security practices. This can negatively impact their ability to ensure the reliability and confidentiality their customers demand and require.
Law firms are a highly attractive target for cyber attackers for a number of reasons:
Despite lawyers’ professional expertise in interpreting laws, regulations and legal judgments relating to cyber law, firms still seem to lag behind when it comes to their own cybersecurity practices. Cyber attackers, of course, are not waiting for them to gear up. This gap in awareness vs. practice is probably due to a number of reasons:
The path to an enhanced security posture starts with awareness of the problem and continues with implementation of modern security techniques. Such techniques include:
Cybersecurity professionals know what is needed to secure law firms’ digital resources. If your law firm is too small to support a full-time cybersecurity expert, consider outsourcing security to a managed security service provider (MSSP).
Minimize the attack surface of your law firm to protect it from attacks and data breaches. The most common – and dangerous – attack types that can affect law firms are:
Effective security solutions can eliminate a lot of the heavy lifting required to protect your data. When choosing a solution, make sure to select one that can efficiently protect against emerging and still-unknown threats as well as those that are known. If possible, opt for solutions that are simple to implement and update, and do not interfere with user activity or impact your business operations.
Zero Trust security is an effective and secure approach for law firms dealing with sensitive data and business operations that rely on web apps, SaaS applications and third-party services. Zero Trust is based on the premise of “never trust, always verify”, meaning that access is granted only after verifying that users are who they claim to be and authorized to access the specific resource.
But even if users who access corporate apps and enterprise SaaS sites from unmanaged devices can be verified as authorized (which is questionable, given new methods of circumventing MFA), there is no way to ascertain that their devices are safe and will not introduce malware into the apps, or be coopted by threat agents to hack in.
To address this type of risk from unmanaged devices, Ericom’s ZTEdge Web Application Isolation (WAI), “inverts” RBI to protect corporate web and cloud apps. In its traditional application, RBI protects browsers, endpoints and the corporate assets against threats from web-based malware, malicious attachments and downloads, and credential theft by creating a cloud-based airgap between the web and endpoint browsers.
As WAI, RBI airgaps corporate web apps and SaaS and cloud applications from malware that might be present on unmanaged endpoints, as well as from illicit access via stolen credentials or brute force attacks. Cloud-based WAI cloaks application surfaces from attackers who scan for open ports or vulnerabilities and enforces granular controls on app and data access. WAI is a clientless solution, so there’s no need to install software on users’ personal devices or the devices of third-party service providers.
For law firms whose users work on unmanaged personal devices or that use third-party services, WAI is a valuable protection against the 71% of human-operated ransomware cases that are initiated by an unmanaged device, usually internet facing, that is compromised. And ZTEdge Web Isolation, Ericom’s RBI offering, protects firms from zero-day malware delivered via the web and the sophisticated social engineering attacks and business email compromise (BEC) to which even security-aware users fall prey.
Contact us today to learn how Ericom’s ZTEdge solutions can help law firms like yours deliver secure, reliable service to your clients and protect them, as well as the firm partners, from cyber risk.
The FBI-led takedown of Qakbot was an operation that involved seven countries. Malware was removed from 700,000 computers. But don’t think all that makes you safe.
Generative AI empowers its users to work fast, better and more efficiently. Alas, this includes cybercriminals, who are using malicious GenAI platforms to accelerate zero-day exploit creation.
Cybercriminals love the multiplier effect they get from attacking law firms: Hack in, and they get firm data PLUS juicy confidential client info.