01 July 2021

Case Study: Law Firm Data Protection & Cybersecurity Awareness

---

Law firms are constantly fighting for their clients and defending their clients' interests.

However, they sometimes forget that they themselves are always exposed to cybersecurity risk.

Law firms face many cybersecurity challenges, but safeguarding their clients' confidential information is the main objective.

Because a law firm's greatest asset is its clients' trust, firms must take cybersecurity seriously. Failure to do so may result in a client data breach, reputational damage, expensive fines, or even a complete business lockout due to ransomware.

According to the PwC annual law firms' survey for 2020, the top three business priorities for the next twelve months remain the same as last year:

  • improving the use of technology
  • standardizing and centralizing business processes
  • improving legal service offerings

Also, during the pandemic, the top trend was the reduction of cyber risk, which ranked as the second-greatest threat to law firms during COVID-19.

 


At the same time, the Logicforce 2021 Law Firm Cyber Security Scorecard found that IT and cybersecurity policies fail to cover all priority areas. Only 35% of law firms conduct third-party penetration testing to examine their defenses and actively seek weak security settings. Also, very few firms (5%) hold training at the recommended cadence, a figure that should be improved.

 


 

The first step in protecting a law firm from data breaches and ransomware is implementing a comprehensive cybersecurity awareness program.

The main objective of a law firm's cybersecurity management system, and the primary goal of its security awareness program, is to protect the firm's infrastructure from data breaches and cyberattacks and to secure sensitive data stored on employees' work devices.

1. Case of fact

Full-scope Penetration Testing and Security Awareness Training for the Law Firm

Firm Overview:

The Law Firm, a BSG client, is one of Ukraine's industry-focused and innovative law firms, with over 50 employees. The firm is highly recommended for transactional, regulatory, and dispute resolution projects and is named among the Top 30 most innovative law firms in Europe.

The Law Firm provides its services mostly to mid-market and large enterprise businesses, and its practice covers the following areas:

  • Antitrust & Competition
  • Banking & Finance
  • Bankruptcy & Restructuring
  • Capital Markets
  • Corporate & Commercial
  • Dispute Resolution
  • Government Relations
  • Intellectual Property
  • International Trade
  • Labour & Employment
  • Mergers & Acquisitions
  • Private Clients
  • Real Estate & Construction
  • Tax & Customs

 

2. Goal Definition 

Together with the Law Firm's professionals, the BSG team defined the main project objectives and challenges.

Law firms, by nature, operate in a high-risk environment, navigating among malware, phishing, cyber espionage, and data breach challenges.

We found that the Law Firm needed a fresh start for its cybersecurity program:

  • a full-scope penetration test using network and social engineering attack channels;
  • cybersecurity awareness training for all employees and top management.

 


 

The main objective was to embed security awareness principles in the firm's daily operations.

 

3. Approach and execution 

The BSG security professionals carried out a Threat Modeling session to identify potential threats and attack scenarios relevant to the client.

 


 

The resulting threat model shaped the project activities. Through the penetration test, the BSG team achieved the ultimate assessment goal: gaining remote access to the Law Firm's infrastructure with the highest possible privileges.

The project's success was demonstrated by proof that the team had gained access to the top managers' laptops and could read and intervene in their email correspondence.

After the pentest, BSG produced a report with all findings and corresponding recommendations. Along with the remediation plan for all security vulnerabilities found, the report contained the following general recommendations:

  • Conduct regular penetration tests (external and internal network and social engineering security assessments) at least annually.
  • Conduct security awareness training for all the Law Firm employees to prevent the attack scenarios that the BSG team could successfully simulate during the pentest.
  • Implement a set of fundamental corporate IT security controls to identify and react to security incidents quickly.

 

4. Conclusion and feedback

BSG professionals helped the Law Firm find and fix tens of risky security vulnerabilities in the infrastructure and business processes. After the remediation plan was completed, BSG performed a retest of all initial findings free of charge and updated the pentest report with retest results.

As a follow-up to the security assessment, BSG has delivered comprehensive security awareness training to all Law Firm employees and helped them learn how to identify and prevent modern cybersecurity attacks.

The penetration test and the awareness training helped the Law Firm boost their cybersecurity readiness, improve the efficiency of their cybersecurity countermeasures, remove identified security weaknesses, and avoid likely security incidents that might result from these issues.

Copyright © The Impact Lawyers. All rights reserved. This information or any part of it may not be copied or disseminated in any way or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of The Impact Lawyers. The opinions expressed in this article are those of the authors and do not necessarily reflect the positions or policies of The Impact Lawyers.