A new study examining the security practices of law firms has found that only 16% of the top 95 law firms in the UK have sufficient measures in place to fully protect against email fraud. With phishing representing 93% of breaches in 2018, this finding serves as a stark warning to law firms that hold highly confidential consumer information.
Last year, one of the National Cyber Security Centre’s (NCSC) legal partners reported receiving over 11,500 phishing emails per month. Phishing emails can take many forms, from a message that appears to come from a senior partner at a firm asking for confidential documents to be sent to them, to a request for an invoice to be paid to a third party in a conveyancing chain.
When Red Sift analysed the Domain-based Message Authentication, Reporting and Conformance (DMARC) records of the primary email domains of these leading UK law firms, only 16% had implemented DMARC at the fullest level of protection, at which phishing emails can be stopped at the gateway or redirected to the junk folder.
Today, DMARC is the only technology solution available to stop these spoofed emails from reaching the recipient’s inbox, and it is strongly recommended by the NCSC. DMARC authenticates the email sender, ensuring that a hacker cannot impersonate the law firm’s domain and thus commit email fraud.
With law firms under a duty to replace any lost client monies, Red Sift warns that the financial burden of future email fraud attacks could be crippling.
The Solicitors Regulation Authority’s annual Risk Outlook report provides the sector with the latest advice on tackling information security breaches. The report acknowledged cybercrime as a ‘significant concern for law firms’ in 2016/17, and the threat has continued to intensify, with the 2018/19 report calling out cybercrime as a ‘priority threat’.
Research methodology: Red Sift conducted an analysis of the top 95 law companies in the UK on 21 June, 2019.
Dr Rois Ni Thuama, Head of Cybersecurity Governance at Red Sift, will be at the European Legal Security Forum all day on 2nd July, with a presentation at 1 pm.
About Red Sift
Red Sift is a data-driven cybersecurity company on a mission to democratise the technology vital for organisations of any size or sector to defend against security threats. With a platform based on machine learning technology, Red Sift offers users a dashboard of tools – from network monitoring to email analysis and authentication – designed to safeguard users and brand reputation.
Founded in 2015 by serial entrepreneurs Rahul Powar and Randal Pinto, Red Sift is headquartered in London, UK, and boasts an impressive client roster including TransferWise, Telefonica, Action for Children, and top UK law firms. Find out how Red Sift is delivering actionable cybersecurity insights to its global customers at www.redsift.com.