• About
  • Offices
  • Careers
  • News
  • Students
  • Alumni
  • Payments
Background Image
Bennett Jones Logo 100 Years
  • People
  • Expertise
  • Knowledge
  • Search
  • Menu
  • Search Mobile
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
View all
Practices
Corporate Litigation Regulatory Tax View all
Industries
Capital Projects Energy Funds & Finance Mining View all
Advisory
Crisis & Risk Management Environmental, Social & Governance (ESG) Governmental Affairs & Public Policy
View Client Work
Insights News Events
New Energy Economy Series COVID-19 Resource Centre Business Law Talks Podcast
Subscribe
Bennett Jones Centennial Menu
People
Practices
Industries
Advisory Services
Client Work
About
Offices
News
Careers
Insights
Law Students
Events
Search
Alumni
Payments
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
 
Blog

Law Firm Credentials for Sale on the Dark Web: Understanding Your Cybersecurity Vulnerabilities

January 23, 2018

Written by Ruth E. Promislow and Katherine Rusk

Law firms are being vigorously attacked by hackers. This is unsurprising given that law firms are repositories of incredibly valuable and commercially sensitive information about their clients and maintain large sums of money in their trust accounts.

Lawyers should be paying particular attention to a white paper published yesterday from RepKnight. The cybersecurity company searched the Dark Web and found over a million leaked and hacked credentials from top law firms in the United Kingdom. These firms may now be vulnerable to the theft of highly sensitive information as well as other cyberattacks—chances are good some of them have already been compromised.

RepKnight searched for 500 different UK law firms on the Dark Web, including ‘magic circle’ firms and global firms with UK offices. They found compromised credentials from every single one of those firms, more than half of which had been posted within the last six months.

When hackers obtain passwords as well as email addresses, they can use bots to launch ‘credential stuffing’ attacks where the same login information is attempted on multiple sites. Because of how common it is to repeat the same password over different sites, this can result in breaches across multiple networks. The leaked information also puts employees at risk of identity fraud and ‘spear phishing’ attacks, where information is used to specifically target and individual. LawPRO has reported on spear phishing attacks across Ontario over the past few years.

RepKnight reports that most of the compromised information did not come from direct attacks, but rather resulted from breaches at third-party websites where law firm employees had registered using their work email addresses. Third-party service providers are a very common weak point for cyberattacks at organizations of all sizes.

Keeping client information confidential is one of the most important responsibilities of law firms. It is both a professional obligation and a key component of maintaining a firm’s reputation. Law firms which do not protect client data and their accounts may be at significant risk of breaching their fiduciary obligations, damaging their reputation, and losing money.

Sole practitioners and law firms both large and small must take steps to identify their cybersecurity risks and implement a plan to address these risks.

 

 

PDF Download

Author

  • Ruth E. Promislow Ruth E. Promislow, Partner

Bennett Jones Marks 100 Years of Service and Trust

Related Links

  • Insights
  • Media
  • Subscribe

Recent Posts

Blog

UPDATED Canadian Sanctions Targeting Russia, Belarus [...]

June 29, 2022
       

Blog

National Indigenous Economic Strategy Rebuilding Indigenous Economies

June 24, 2022
       

Blog

Achieving Net Zero by 2050: The MMV Plan as a Fundamental [...]

June 23, 2022
       

Blog

Anti-Money Laundering Rules Expanded to Include Payment [...]

June 21, 2022
       

Blog

Alberta Court Declines to Extend Limitation Period [...]

June 20, 2022
       
Bennett Jones Centennial Footer 100 Years
Bennett Jones Centennial Footer 100 Years
About
  • Leadership
  • Diversity
  • Community
  • Innovation
  • Security
  • History
Offices
  • Calgary
  • Edmonton
  • Ottawa
  • Toronto
  • Vancouver
  • New York
Connect
  • Insights
  • News
  • Events
  • Careers
  • Students
  • Alumni
Subscribe

Stay informed on the latest business and legal insights and events.

LinkedIn LinkedIn Twitter Twitter Vimeo Vimeo
© Bennett Jones LLP 2022. All rights reserved.
  • Privacy Policy
  • Disclaimer
  • Terms of Use
Logo Bennett Jones