Fraud and cybercrime vulnerabilities in the legal sector

Research into the risks impacting the top 200 UK law firms and the possible challenges for the Irish sector.

The cyber landscape is becoming increasingly complex and keeping pace with the evolution of cyber threats is an ever increasing challenge for law firms. 

Our colleagues in the UK have recently published research showing that the vast majority of the top 200 UK law firms have significant unaddressed cyber risks. 

The findings of the research are stark and the issues the UK sector face are equally applicable to an Irish perspective. It highlights the need for all firms to take action to protect against cyber-attacks.

This Fraud and cybercrime vulnerabilities in the legal sector report has been developed by our colleagues in Crowe UK, KYND and University of Portsmouth’s Centre for Counter Fraud Studies and is available to download.

Key findings

1. Email spoofing
91% of the firms analysed are exposed to having their website addresses spoofed and used to send spam, phishing or otherwise fraudulent emails (either internally or externally).

2. Vulnerable services
80.5% of firms were running at least one service, such as an email server or webserver, with a well-known vulnerability that could be exploited by hackers – putting them at high risk of attack from cybercriminals who specifically target services with known vulnerabilities.

3. Out-of-date software
21% of firms had at least one service that was using software which was out of date and no longer supported by the developer, putting them at higher risk of attack and service failure.

4. Certificate issues
23% of firms had at least one security certificate which had expired, been revoked or distrusted. This means clients, prospects or applications would not be able to securely connect to websites using such a certificate.

5. Domain registration risks
79% of firms had at least one domain registered to a personal or individual email address, representing a significant threat to business continuity and domain ownership.

What actions should firms take?

If you are concerned the findings of this UK research could relate to your Irish firm, Crowe Ireland can provide the independent verification necessary to ensure your firm is protected.

We can help you to:

• obtain comprehensive insight into your firm’s cyber risk exposure
• address specific vulnerabilities in your externally facing IT infrastructure that could be exploited by hackers
• identify whether any of your firm’s email addresses have been compromised
• take actions to prevent exploitation of potential cyber risks

Contact a member of our legal sector team to find out how we can help your firm protect against fraud and Cybercrime.