The Recorder details how law firms are the latest industry to come under scrutiny for their lax cyber security standards. Some clients are even requiring their lawyers to demonstrate that they have robust IT before they'll hire the firm. With so many firms needing to upgrade their IT, this could be an opportunity for tech contractors to find steady work from new clients.
If you're thinking about expanding your IT services to include offerings for law firms, let's review two things that will help you transition into this industry:
- Why law firms are suddenly worried about cyber security.
- How you can market your services to law firms.
Why Law Firms Are Suddenly Worried about Cyber Security
Clients are beginning to put pressure on law firms to increase their cyber security because firms are often the weakest link in a chain of data custody. Imagine you work for a corporate law firm that advises companies, helps them make deals, and drafts business contracts. Your network would have…
- Investor information.
- Financial data.
- Access to escrow and trust accounts.
- Future mergers and acquisitions information.
- Business IP.
- Patent applications.
If criminals accessed your network, they would have a treasure trove of business and financial data. This threat isn't just hypothetical. Hackers were recently able to steal a 6-figure sum from a trust account. How were hackers able to steal so much money?
Law firms sometimes hold large sums of money in trust accounts when their client wins or loses a case. If the client loses, they send this money to the firm. The firm then wires it to the other party's lawyers, and hackers have caught on to this. The American Bar Association warns that by targeting a trust account, cyber criminals were recently able to steal hundreds of thousands of dollars from one law firm.
Business Insurance reports that law firms are extremely concerned about cyber risk – nearly 80 percent of firms cite it as one of their biggest worries. Yet the same survey found that 72 percent hadn't assessed how much a data breach would cost their firm.
Those numbers show that a majority of law firms have serious worries about their cyber risk but haven't done anything about it yet – which is a great opportunity for tech contractors to find more work.
IT Sales Advice: How to Market Cyber Security to Law Firms
If you haven't worked with a law firm before, you may be unfamiliar with the particular cyber risks they face. Depending on the type of law the firm practices, they may need additional security for…
- Client data.
- Proprietary business information or contracts.
- Online accounts (e.g., trust accounts).
Because each firm might have vastly different data security concerns, listen to their problems before offering any solution. The best way to market your information technology firm is to show that you understand the industry-specific risks law firms have and can offer a solution. For example, if a law firm has trust accounts, they may be at risk of a spear phishing campaign.
Spear phishing attacks steal email credentials from high-ranking employees and use this access to email subordinates. Once hackers have access to a partner's email account, they send an email to a lower-level employee at the firm directing them to transfer money or take other actions that allow hackers to have access to the network or money.
To secure a law firm's data, you need to offer technical, educational, and policy-making solutions that prevent exposing flaws in cyber security. For tips on client education, see our Customer Education Kit, a free resource you can distribute to your clients to teach them a few basic strategies to reduce their cyber risk.