UK law firms a weak link in clients’ battle to fight cybercrime?

A leading lawyer and security expert has cautioned UK law firms that their failure to tackle online security is leaving clients increasingly vulnerable.

The warning by London-based Seth Berman, executive managing director of Stroz Friedberg and a former Assistant US Attorney, comes amid growing concern of an escalation in state-sponsored espionage.

“The security and risk landscape is changing rapidly and it’s the very nature of law firms that makes them an active target. Firms should, therefore, step up their vigilance and protection,” said Seth Berman, who heads up Stroz Friedberg’s UK team, a leading global digital risk management and investigations consultancy. “We’re facing an increasingly sophisticated array of adversaries, which makes it more important than ever for law firms to recognise the severity of such threats.”

Tried and tested methods for eliciting information, such as Nigerian ‘419 frauds’ that promise millions of dollars in return for personal and bank account details, remain favourites. However, phishing emails are becoming increasingly elaborate and targeted. They are now actively used to obtain trade secrets, commercially sensitive information and intellectual property from law firms’ lawyers.

Recent reports by UK and US intelligence agencies have suggested China and Russia are putting greater resources behind industrial espionage operations, in an attempt to bolster their commercial interests. Late last year, the FBI reportedly convened a group of 200 New York firms, in an attempt to underscore the heightened risk of cyber attacks and hacking.

Seth Berman continued: “Corporates have a statutory duty to address such threats, by safeguarding all confidential and sensitive information. There is no doubt most law firms recognise their own obligations and have taken steps to shield client data. But the sector is unusual in the way it deals with information, which sees personal details of individual partners, associates and lawyers readily available on firms’ websites.”

There is growing concern information from individual firms’ websites and the significant growth in the use of social media networks aimed at professional users, such as LinkedIn, may be used by hackers to gather information, before launching increasingly sophisticated phishing attacks.

“Law firms need to realise that they are being targeted and must tailor policies and training to address this threat,” concluded Seth Berman.