Avoid Phishing Threats at Your Law Firm

Protecting your law firm’s interest is a paramount goal. Whether the sensitive data is from cases involving your clients or involves attorneys and legal staff members, you have an obligation to invest in the security of your interests.

With the COVID-19 pandemic making remote workplaces necessary for continued productivity, you have an obligation to your attorneys, legal staff members, and clients to advocate for security and safety.

Legal service and software companies, like Lexicon, have IT professionals who focus on the needs and goals of law firms looking to secure their data and avoid potential risks. Their cloud-based, battle-tested legal practice management software allows attorneys, clients, and legal staff to securely access and exchange information.

Best practices to maintain data security

Lexicon Chief Information Officer Brad Paubel offers the following key tips for making sure your law firm’s data stays secure and that your attorneys and legal staff avoid phishing risks:

  • Avoid emails insisting on urgent action: Emails insisting on urgent action do so in order to fluster or distract the target. Usually this type of email threatens a negative consequence if the action is not taken, and targets are so keen to avoid the negative consequences that they fail to study the email for inconsistencies or indications it may be bogus.
  • Avoid emails containing spelling errors: Most companies now use spell-checking features in email clients or web browsers to ensure their corporate communications maintain a professional appearance. Emails that purport to come from a professional source but contain spelling mistakes or grammatical errors should be treated with suspicion.
  • Avoid emails containing unfamiliar greetings: Emails sent by friends and work colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used, and those containing language not often used by friends and work colleagues, likely originate from an attacker and should not be actioned or replied to. Instead, they should be reported to the organization’s IT security team.
  • Avoid emails that have inconsistencies in the address: There are instances when an email address belonging to a regular contact is unfamiliar. By checking the sender email address against previous emails received from the same person, it is possible to detect inconsistencies.
  • Avoid inconsistencies in links and domain names: Links to malicious websites can easily be disguised as genuine links. Therefore, it is also advisable to encourage employees to hover a mouse cursor over a link in an email to see what the link address is. For example, if an email claims to be from a business contact, but the address indicates an unfamiliar website, the email is likely a phishing email.
  • Be wary of suspicious attachments: File sharing in the office now mostly takes place via collaboration tools such as Dropbox, OneDrive or SharePoint. Therefore, emails from colleagues with file attachments should be treated suspiciously – particularly if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
  • Avoid emails that seem too good to be true: Emails that seem too good to be true incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so. Even when phishers use social engineering to appeal to the target’s curiosity or greed, the intended targets usually have not initiated contact. These emails should be flagged as suspicious at once.
  • Avoid emails requesting login credentials, payment information, or other sensitive information: Emails requesting login credentials, payment information or other sensitive information should always be treated with caution.
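
Two of the checks above can be automated on the mail-filtering side: comparing the sender address with the one previously seen for that contact, and comparing a link's visible text with its real target. The following is an added example, not code from Lexicon or the original article; `CONTACTS`, `SAMPLE`, `LinkCollector` and `phishing_indicators` are hypothetical names, and the message and domains are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")
# Constructed sample data; names and domains are placeholders.
CONTACTS = {"Jane Doe": "jane.doe@example-firm.test"}
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e-firm.test>
Content-Type: text/html

<p>Sign in at <a href="http://login.attacker.test/x">portal.example-firm.test</a>
or read <a href="https://docs.example-firm.test/a">docs.example-firm.test</a></p>
"""

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def phishing_indicators(raw, contacts):
    """Flag a changed sender address and links whose text names another host."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    if name in contacts and addr.lower() != contacts[name]:
        findings.append(f"sender mismatch: {addr} (expected {contacts[name]})")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_content())
        for text, href in collector.links:
            shown = DOMAIN.search(text.lower())  # no domain in the text: nothing to compare
            host = (urlparse(href).hostname or "").lower()
            if shown and host != shown.group() and not host.endswith("." + shown.group()):
                findings.append(f"link mismatch: text {shown.group()}, target {host}")
    return findings
```

Calling `phishing_indicators(SAMPLE, CONTACTS)` reports the look-alike sender address and the first link; the second link, whose text and target agree, is not flagged.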

Attention to detail

By adopting the best practices detailed above, recipients of these types of emails should be able to determine whether or not they represent a threat, and deal with them accordingly.

Managing a safe and secure law firm requires constant care and attention to detail. If you are in need of IT or data security for your law firm, contact Lexicon today, and we will provide the care and attention you and your firm are looking for.