Cybercrime, ransomware, phishing, and cybersecurity are becoming familiar words in the workplace. More businesses are becoming victims of cybercrime and law firms are the latest industries to be targeted with an increasing amount of phishing and ransomware attacks. Cybersecurity must be considered a business risk, and not a matter of compliance.
According to Accenture, South Africa has the third most cybercrime victims worldwide, losing R2.2 billion a year. Low investment in cyber security and immature cybercrime legislation makes South Africa a target. Most South African companies have poor cybersecurity practices in place, making them vulnerable to data loss. To successfully fight against malicious intent, it is imperative that companies make cybersecurity awareness, prevention, and security best practices a part of their culture.
Since Covid-19 pandemic, with the increase of people worked remotely, an alarming increase of cybercrime has been experienced. This has resulted in a huge spike in phishing, business e-mail compromise, and ransomware attacks leading to widespread fraud and extortion. Company systems were expanded to include home networks which has increased the opportunity for fraudsters to impersonate employees.
When businesses or individuals are faced with a cybercrime, the police are often unprepared for this type of crime. Legal practitioners are often the next port of call. Companies seek out the support of legal practitioners during their insurance claims process. A legal firm hold client’s money and various confidential information which is exactly what cybercriminals are after. If any of this information gets exposed, it will expose the legal firms into incredibly challenging legal circumstances let alone brand reputational damage. Consider how conveyancers and legal practitioners provide a fantastic opportunity for invoice fraud and the theft of client funds. They are ideal targets for double extortion ransomware attacks due to the impact of being named and shamed and the significant reputational damage will lead to payment.
Cybercriminals are always searching for information about their victims, the victims’ clients, employees (especially those in Information Technology and Finance) and will trawl the dark web for breached information on employees or stolen organisational data.This includes breaches from other companies. This enables cybercriminals to attack causing massive damage and destruction through business e-mail compromise. They then demand a pay-now-or-get-breached or name-and-shame ransomware technique. There are cases where fraudsters impersonate the sellers and divert the proceeds of the sales from conveyancers with requests for bank account changes including impersonating emails appearing like they are from the legitimate sender. Funds are then paid into the attacker’s fraudulent accounts with sellers left wondering where their money has gone. This results in large sums of money fraudulently diverted which can completely wipe out businesses, particularly smaller firms. People lose their jobs when in fact, the employer should protect their employees by deploying the correct cybersecurity measures.
To avoid this happening to your Law Firm or any business, your business continuity plan should evaluate the potential impact of a cyberattack. Think about the financial impact of business interruption, the costs of response and recovery and the implications of lost data and your client’s data. IronTree, can protect your business from fraud, threats, and hacks, ensuring privacy compliance and eliminating costly downtime through their comprehensive cybersecurity package with has a strong emphasis on always keeping organisations safe – in summary, data security. IronTree offer the Sendmarc solution, which uses intelligent technology as well as effective management reports to entirely prevent email impersonation and spoofing attacks.
Sendmarc ensures that you, your colleagues, your clients, and your suppliers will receive only legitimate emails from the intended sender. Sendmarc mitigates a flaw in email design that lets a criminal insert any sender’s address in a forged email, a tactic now widely exploited by criminals.
Businesses, especially Law firms should be extremely concerned if data gets leaked and exposed. The repercussions include civil penalties, reputational damage, and the cost to the business if clients no longer trust your business. Organisations have large volumes of data, not all of it contains personal information, but all of it needs to be protected. It is well worth it as a legal practitioner to demonstrate to your partners, clients and other third parties that you take cyber security and the protection of their data, seriously.
For more info contact IronTree [email protected]
