Large law firms routinely risk losing their client’s confidential information to fraudsters because they are careless with mobile device security, cyber experts warned yesterday.
Research based on the monitoring of 10,000 mobile devices at law firms in the UK and US found that for every 100-devices in a legal practice malware was downloaded once every two weeks. In addition, lawyers and other staff at their firms click on phishing websites on average twice a day.
The monitoring revealed that at law firms with at least 100 mobile devices, applications that transmit data insecurely and are therefore vulnerable to hacking were accessed on average 48 times a day.
Law firms in the City of London and on Wall Street are viewed by cybersecurity specialists as soft targets for fraudsters and hackers who are attempting to steal data from their corporate business clients. Individual lawyers and their firms give the impression of being less security aware and literate, therefore presenting an easier route to sensitive and confidential client information.
Among those law firms surveyed, about 30 per cent of mobile devices used outdated operating systems that were likely to have inferior security, while 8 per cent of devices did not even have a basic screen locking system. A small percentage of devices were described by the security experts as “jail broken” and “semi-jail broken”, which means they were no longer functioning in the way that the manufacturer intended.
The researchers from Wandera, a cybersecurity consultancy, claim that more than a quarter of UK and US law firms have reported recent security breaches.
Over the last year, it is understood that two of the five elite “magic circle” law firms in the City were among 48 leading legal practices hit by attackers targeting information on their clients’ merger and acquisition deals. In June, the transatlantic law firm DLA Piper suffered a significant ransomware attack that brought down the firm’s global telephone and computer network for at least 24 hours.
“With the sensitive data that lawyers carry around on their mobile devices, law firms are a prime target for attack,” said Eldar Tuvey, the chief executive of Wandera. “There are still an alarming number [of law firms] that have been slow to adapt their defences to the latest threats.”