Law firms handle some of the most sensitive and confidential information in any sector. Not only that, there are huge pressures on employees to ensure the right verdict for the firm’s clients. Add to this the large sums of money at stake in any court case and you can see why they represent nice juicy targets for bad actors. We spent the summer talking to law firm security leaders and technologists at various conferences. Here are the problems they detailed and how they mitigate them.
Free as in domains
Law firms are public facing, and customers can and do come in all shapes and sizes. Consequently, many individual clients will use freemail email addresses. Increasingly, many small businesses are also turning to services like Gmail for their email needs. As a result, blanket banning freemail domains doesn’t work, and having to maintain and update a whitelist of individuals is a drag. What’s more, by banning freemail domains, you could potentially be costing the business money in the form of lost clients. This is where Tessian comes in. It looks beyond the domain, deeper into the content – and context – of an email to understand the sender’s intent.
Partners going rogue
Partners run the firm – it’s literally their names on the wall in reception. Consequently, they tend to act in a manner that they see fit, emailing case notes to their personal addresses to read later on that commute or vacation. You can’t stop them doing that – they’re the bosses – but with Tessian, you can track high-profile users to understand what is being sent where and by whom.
It’s not just the partners that can present problems. Lawyers are incredibly busy people juggling lots of information via email and trying to build a case around it. Statistically, that means that someone’s gonna hit the reply-all rather than the reply button. Tessian’s in-the-moment notifications catch these human errors and alert the user to any potential dangers. It happens more times than you think.
The result, depending on your jurisdiction, could be serious compliance violation fines. Indeed, nearly half (48%) of the top 150 law firms in the UK have reported data breaches since the GDPR came into force in May 2018. And, of those breaches, 41% were a result of emailing the wrong person.
Forwarding exhibit A
Many law firms didn’t adopt email until the 1990s. In 1996 the UK’s leading legal technology expert, Richard Susskind, was almost banned from speaking and labelled ‘dangerous’ for predicting that lawyers would use email as their main communication method in the future, and was accused of “…bringing the profession into disrepute!” That was over 30 years ago, but technology is now everywhere. Indeed, some of the biggest vendors at ILTACon were offering smart screens and projectors that can access digital content from emails and shared company drives. As more case notes and legal content go digital, the potential for email as a means of mis-distributing and mis-sharing this information grows exponentially.
Of course, these three issues sit on top of all the regular ones security leaders in any sector face – rising threats, more advanced attacks and the cost of a breach rising exponentially. Tessian is trusted by over 150 of the world’s leading law firms. They rely on Tessian to protect their organizations from advanced email threats, data exfiltration and accidental data loss. Get in touch today and see how we can help your firm.