A leading lawyer and security expert has cautioned UK law firms that their failure to tackle online security is leaving clients increasingly vulnerable.
The warning by London-based Seth Berman, executive managing director of Stroz Friedberg and a former Assistant US Attorney, comes amid growing concern about an escalation in state-sponsored espionage.
“The security and risk landscape is changing rapidly and it’s the very
nature of law firms that makes them an active target. Firms should,
therefore, step up their vigilance and protection,” said Seth Berman,
who heads up the UK team of Stroz Friedberg, a leading global digital risk
management and investigations consultancy. “We’re facing an increasingly
sophisticated array of adversaries, which makes it more important than
ever for law firms to recognise the severity of such threats.”
Tried and tested methods for eliciting information, such as Nigerian
‘419 frauds’ that promise millions of dollars in return for personal and
bank account details, remain favourites. However, phishing emails are
becoming increasingly elaborate and targeted. They are now actively used
to obtain trade secrets, commercially sensitive information and
intellectual property from law firms’ lawyers.
Recent reports by UK and US intelligence agencies have suggested China
and Russia are putting greater resources behind industrial espionage
operations, in an attempt to bolster their commercial interests. Late
last year, the FBI reportedly convened a group of 200 New York firms, in
an attempt to underscore the heightened risk of cyber attacks and
Seth Berman continued: “Corporates have a statutory duty to address such
threats, by safeguarding all confidential and sensitive information.
There is no doubt most law firms recognise their own obligations and
have taken steps to shield client data. But the sector is unusual in the
way it deals with information, which sees personal details of
individual partners, associates and lawyers readily available on firms’
There is growing concern that information from individual firms’ websites and
the significant growth in the use of social media networks aimed at
professional users, such as LinkedIn, may be used by hackers to gather
information, before launching increasingly sophisticated phishing
“Law firms need to realise that they are being targeted and must tailor
policies and training to address this threat,” concluded Seth Berman.