In-house legal teams ‘more susceptible to phishing attacks’

In-house legal teams are at greater risk of suffering a phishing attack than most of their colleagues in other departments, according to a new study.

Verizon’s 2015 Data Breach Investigations Report has revealed that when it comes to phishing attacks, it was in fact legal, communications and customer service teams that were “far more likely” to suffer.

In an analysis of data from more than 60 countries, including the UK, the communications and technology firm delved into the reasoning behind the results to discover why these departments were at greater risk. In the report, it was acknowledged that opening emails was an integral part of these team members’ roles; however there was no statistical difference in the number of people in each of the departments who had clicked on a corrupted link.

The report highlights the need for departments and organisations that rely heavily on email communication to strengthen their cyber security software and phishing defence strategies. A potential breach can lead to the leak of sensitive personal and business data, and disrupt email communications systems and the safety of virtual private networks. In particular, legal departments in particular that deal with sensitive information and private data can make attractive targets for cyber criminals, meaning it is imperative that online security is taken extremely seriously.

Commenting on the recent results, Law Society technology policy adviser Tim Hill told the Law Gazette that while the report did use information from UK legal departments, it was unclear as to whether the findings accurately described the risk to legal teams in the UK.  He questioned whether the research was true of anywhere in the EU, adding that “rigorous data protection obligations are set to be strengthened in the new general data protection regulation and cyber security is likely to be high on in-house counsels’ agenda”.

However, while the potential risk of phishing scams may appear high, the study revealed that three-quarters of emails were not opened or “interacted” with, lessening any potential threat to business computer systems.

One of the main ways to prevent email hacking is to pay attention to password choices and encryption. In light of recent email hacks, UK government agency GCHQ has published new password guidance to help people to better protect their private data.

The new report challenged the age-old recommendation of creating complex passwords which are hard for individuals or computers to guess, claiming that they could in some cases be counterproductive, as people write them down or repeat them across multiple websites.

Ciaran Martin, director general of cyber security for GCHQ, said: “Complex passwords do not usually frustrate attackers, yet they make daily life much harder for users. They create cost, cause delays and may force users to adopt workarounds or non-secure alternatives that increase risk.” Instead the report recommended that businesses and individuals simplify their current approaches to password generation.

It went on to say that default vendor-supplied passwords should be changed before deployment of any system or software and password-sharing should be strictly prohibited. Britons were found to use the same password on average across four different sites, thereby greatly increasing the risk of their data being hacked.

One strategy individuals and organisations could adopt is to use a password manager, which can help people to generate more complex passwords that are also easier to remember. These apps or websites can store memory cues about the password, rather than the password itself, eliminating the need to write it down or store the details on your computer.

Businesses were also advised to implement two-factor authentication processes for administrators and remote workers in order to provide added protection to company email accounts and data security.

However, while the report has been welcomed for helping to address growing concerns over cyber security and email phishing scams, some experts have warned that some of the latest advice is contradictory.

Our Market Reports combine a review of the prevailing conditions in the in-house legal recruitment market with the results of a comprehensive compensation survey of lawyers registered with Barclay Simpson.