Robust defence of law firms’ online presence is critical to £26 billion industry, claims OnDMARC
Almost all law firms are still vulnerable to email fraud, according to a new report from cloud data intelligence firm OnDMARC.
With phishing and ransomware attacks very much on the rise in recent years, this is of real concern to the industry, which is in charge of protecting large volumes of confidential customer information.
With law firms under a duty to replace any lost client monies, OnDMARC warns that the financial burden of future email fraud attacks could be crippling.
“With over 10,000 law firms operating in the UK, handling sensitive and hugely confidential commercial and private data, there is a real opportunity for scammers to target the legal sector,” said Dr Rois Ni Thuama, head of cybersecurity governance partnerships and legal, OnDMARC. “Many law firms either don’t understand the risk or assume that their existing email systems will do the job of protecting them, even though our study very quickly demonstrated that it’s all too easy for a criminal to exploit these firms’ email domains in order to impersonate the company and send out fraudulent messages to external clients and stakeholders,” he added.
The financial burden on law firms who find themselves breached in this way could be further compounded by fines of up to four per cent of annual turnover once the EU’s General Data Protection Legislation comes into force in May 2018.
The research shows that firms questioned by OnDMARC assumed that their existing IT security solutions would cover their organisation against sender fraud. According to OnDMARC, that assumption is mistaken because these solutions don’t provide compliance with DMARC (Domain-based Message Authentication, Reporting and Conformance), a recently ratified email protocol that has been approved and endorsed by the National Cyber Security Centre, part of GCHQ, as the only sure-fire way of stamping out email spoofing.
“We’re usually quick to blame human users as the most insecure element of the cyber security chain, but in the case of email spoofing, it’s the basic email systems that are being duped, which is a big reason why legal firms have experienced losses, mainly via phishing, of over £3 million in just three months,” continued Ni Thuama.