Law firms are in an unenviable position when it comes to cybersecurity. A fundamental aspect of their work involves handling and managing important client information. This data can be a goldmine for criminals, which makes law firms an attractive target.

Cybercriminals are all too aware of law firm vulnerabilities they can exploit. Lawyers and solicitors frequently travel with sensitive data on their laptops, tablets, and smartphones. They use email accounts throughout the day and online tools that make life easier such as Dropbox for document storage and DocuSign for clients to sign off on documents.

Smaller law firms might not think they are a target, unlike large law offices who know they could be hit by targeted malware attacks or even industrial espionage.
  • In March 2018, Duncan Lewis, a firm serving England and Wales, was hacked and its clients' and employees' data were broadcast on Twitter.
  • DLA Piper had to shut down its digital operations around the world while dealing with a hack, and had to resort to communicating with people at its law firms by text messages.
Small law firms are also most definitely in the crosshairs of attackers. One of the biggest threats is criminals hacking into a firm's email server to intercept and send false emails to clients, usually to change bank details.
  • According to the UK’s Solicitors’ Regulation Authority (SRA) this form of attack accounted for 80% of cybercrimes that were reported to in the second quarter of 2018.
  • The SRA said that nearly £11 million of client money was stolen through cyber fraud in 2017. Although this figure fell in 2018, the SRA said it believed not all cyber thefts were being reported.
  • The UK Law Society also said client money stolen through cyber fraud was the biggest source of claims in 2018 (37%).
Under GDPR, these incidents must be reported to the regulator, as criminals may also have accessed data in the email account, which is likely to include personal identifiable information. As such a data breach could also lead to a small law firm being accused of legal malpractice.

Simple steps for cyber protection

Cybersecurity for small law firms need not be an onerous, complex, or expensive, it can be straightforward.
  • A simple measure, for instance, such as ensuring your antivirus protection is up to date protects against malware.
  • You should also regularly back up your files. This should be preferably somewhere off your network, such as an exterior hard drive or cloud server. This way, if you are attacked, your data can be restored.
However, human error is the biggest danger. According to the Law Society over two-thirds (67%) of all cyber-related insurance claims it received in the 18 months to September 2017 were directly caused by an employee’s mistake. These included:
  • Clicking on malicious links in emails
  • Visiting websites that hide malicious code
  • Losing devices
Each one of these can lead to attackers accessing email addresses by obtaining passwords and user names, by planting malware on devices designed to extract this information.


This can be a headache for business owners as it mirrors the difficulties of protecting end-user devices.  It's easy to say all end users' devices must be protected, and so they should, but individually managing laptops, tablets, and smartphones is time consuming, complex, and difficult.
  • Some staff may be out of the office when a new update is released and may not return for a week leaving their computers vulnerable.
  • A device may be lost or stolen and as a result, its data is vulnerable to theft.
  • Employees might be using their own devices and as such be vulnerable to malware infections that could easily find its way into the company network.
Free, centralised and easy-to-manage protection

There is an answer, however. BullGuard Small Office Security provides award-winning protection for all devices and importantly is centrally managed via a cloud-based dashboard.
  • If, for instance, 30 devices that are accessing a network and they all need protecting, even employees home computers, an email is sent which contains a link that downloads BullGuard Small Office Security onto all devices. The recipient simply clicks on it and the protection is downloaded.
  • The dashboard enables the business owner to see each device and whether the protection has been downloaded. Similarly, they can remotely apply updates to each device, remotely lock a device down that has been lost or stolen, and remotely isolate devices that have been infected to keep the company network safe.
During these unprecedented times, BullGuard is offering a free 3-month trial for small businesses, including law firms. The aim is to help small businesses and employees stay cyber safe, with free, easy-to-use, comprehensive protection. There are no catches and you certainly don't need to provide payment card information. Find out more about this unique offer by clicking here.