In July, CNBC reported that a Russian hacker is selling access to the data of a New York City law firm for $3,500 on the dark web. What’s even more alarming is that, according to Q6 Cyber, a cybersecurity company, the firm isn’t alone. Similar information is for sale from firms nationwide.

The report said it was the work of “very sophisticated cybercriminals.”[1]

However, those cybercriminals may not need to be all that sophisticated. During a session at the International Legal Technology Association Conference (ILTACON), “Watch a 15 Year Old Hack Your Firm’s Users,” self-taught teen hacker Marcus Weinberger revealed how easy it is for a novice hacker to gain access to a firm’s network.

At the session’s outset, attendees were advised to turn off their Wi-Fi. Then Weinberger created an imposter Wi-Fi network. But even before he could access it himself, an attendee had already logged on. At that moment, this attendee was vulnerable to:

  • Having their password stolen. That’s because too many people use the same password and login for all their accounts. So when they sign into fake public Wi-Fi, the hacker will take login information and use it to sign into other websites.
  • A man-in-the-middle attack where a hacker inserts themselves between two parties exchanging information to gain access to it. So, for instance, if you’re sending an email to a client, the hacker will be able to see it, too.
  • Device control. Through fake public Wi-Fi, hackers can even take control of your device.[2]

Weinberger explained that all it takes to fake public Wi-Fi are some Google searches, and purchases costing as little as $1.50 from eBay (if you’re patient) and $50 from Amazon (if you’re not). With a little time and money, you could have everything you need to breach a firm’s network.

The ILTACON session proves that now, more than ever, it’s critical that law firms employ the same stringent security as global banks and brokerages to protect their networks and ensure their confidential data never ends up for sale. These security measures include:

  • SOC 2 Type II compliance and certification. This is an independent confirmation of data security that employs a rigorous audit process to ensure electronic communications are protected.
  • Encrypted emails and data both in storage and transit.
  • Daily backup to multiple servers in discrete locations that are guarded 24/7 with both physical and cybersecurity.
  • Continuous updating and monitoring by hundreds of cybersecurity experts who are supported by intrusion-detection and virus-protection software.

Find out more ways to secure your firm: Checklist: Five Most Important Cloud Security Measures.

While these controls make it virtually impossible for hackers to breach your communication,[3] it can be cost-prohibitive for small law firms to maintain this level of security on their own. The easiest and most cost-effective way for them to achieve it is through a self-contained law practice management system. (Remember, security is only as strong as the weakest link.)

You can find this world-class cybersecurity with Firm Central by Thomson Reuters. When you subscribe to Firm Central, you can be more confident that you’re taking every step to ensure the confidentiality of your firm and your clients won’t be compromised. Even better, you’ll have everything you need to efficiently manage your matters and your firm. Sign up for a free trial today and sleep easier tonight.

[1] Schlesinger, Jennifer and Day, Andrea, “Hackers are selling access to law firm secrets on dark web sites,” CNBC, July 12, 2018.
[2] Thompson, Ernest, “The Dangers of Public WiFi: Hackers and Fake WAPs,” Business2Community, July 11, 2017.
[3] FTC, Securing Your Wireless Network, https://www.consumer.ftc.gov/articles/0013-securing-your-wireless-network