Threats from cyber criminals are ever-growing and legal firms, with their wealth of confidential data, are naturally targets. This means network security is imperative and resellers have a crucial role to play in ensuring firms get the right solutions.
Confidential is a watchword for legal firms. They are trusted with huge amounts of information – be they corporate or criminal law firms – that must be kept secret. This means that network security is imperative as law firms are natural targets for cyber criminals.
Indeed, as Brian Sibley, Virtual CTO at Espria, notes, 65% of law firms have been victims of cyber incidents, and 90% of the top 25 UK law firms have faced threats, according to Cyfor Secure Cyber Security. “This means that it is very much a matter of ‘when’ rather than ‘if’ businesses will be attacked,” he adds.
“Due to the sensitive nature of the data handled by legal businesses, cyberattack is an ongoing significant threat. Legal institutions face a relentless barrage of cyber threats amplified by the proliferation of digital systems and software. According to Sophos, 59% of organisations were hit with a ransomware attack in the last year, with 32% of reported attacks starting from an unpatched vulnerability.”
Evolving threats
The threats law firms are facing are continually evolving too, adds Neil Langridge, marketing and alliances director at e92plus, “As cybercrime is evolving, we are seeing a strong movement in tactics – for example, ransomware is increasingly changing from just encryption to data exfiltration,” he says. “As organisations improve their backup and business continuity plans, the value in data is evolving to be the potential risk of it being leaked or exposed or selling it on illegal marketplaces. That means the biggest threats are changing from businesses needing their data and systems to work, to those where the data is their work.
“The legal sector saw a 77% increase in attacks in 2024 according to a recent study. The high value data of customers and case work makes them a prime target, along with the fact many are small businesses, which brings lower investment in IT, more informal processes, and greater individual control over data. Even if legal organisations aren’t the primary target, their involvement with high profile clients – business and personal – means supply chain attacks can easily bring them under the spotlight.”
Phil Skelton, business director at International at eSentire, adds that ransomware has been the biggest threat over the past few years. “Attackers encrypt data and then demand a ransom,” he says. “Or worse yet, they threaten to publish, for all the world to see, the data they have stolen in addition to encrypting the data, if the victim organisation doesn’t pay. What is changing is how attackers might try to get access to those systems in the first place.
“The most common approach remains phishing – fake messages that appear to come from a trusted source or acquaintance and asks the user to download a file or click on a link, which end up being malicious. However, these are not the only attack types that are taking place.”
Network security needs
With the variety of threats out there, network security for legal firms needs to be a combination of technology and training for the employees, says Simon Langdown, co-founder at Essenkay.
“Ensure the legal firm has a risk management plan in place,” he says. “Remember that when transferring and storing data it is not just your organisation’s data security controls and privacy controls that are important. Make sure you have a clear plan for responding to any security breaches so that any damage is minimised.”
Simon adds that when handling highly sensitive data it is essential to encrypt that data to protect from unauthorised access. “Implement multi factor authentication (MFA), which is a security process requiring a user to provide two or more verification factors like passwords, text messages on smartphones or biometrics, to ensure only authorised personnel can get access to sensitive information.
“Networks need to be secured with firewalls and WI-FI needs to be safeguarded against external threats. Make sure software that is used has up to date security patches to mitigate vulnerability. And don’t let employees use their own personal devices to access the system.”
Simon adds that it’s important to educate employees on the dangers so that threats due to human error can be reduced.
Neil notes that DPSM (Data Security Posture Management) is becoming a common approach. “As it has greater real-time monitoring, assessment and remediation than legacy (and often cumbersome) DLP solutions,” he adds.
“Insider threat is also a key area to discuss, whether from accidental data loss (such as phishing attacks) or malicious sharing from compromised individuals, who will be clear targets due to the value of the data. Sending emails (and confidential data) to the wrong recipient is also a common source of data loss, and while not a cyberattack, it’s a data breach that could easily result in a financially damaging fine.
“Business email compromise also encompasses insider threat, where individuals can be targeted and exploited to transfer funds inappropriately, especially where smaller firms may not have robust or formal processes in place that can enforce verification.”
More than a padlock
VimalRaj Sampathkumar, UKI technical head at ManageEngine, adds: “When it comes to network security, legal firms need more than just a padlock on the door, they need an entire security fortress. First and foremost is the zero trust approach: never trust, always verify. Every device and user must prove their legitimacy before gaining access. MFA acts as the double-locked vault, ensuring only authorised personnel pass through the gates.
“Encryption is a digital shield protecting sensitive data, making it unreadable to prying eyes. Endpoint detection and response (EDR) works like a high-tech security camera, spotting and neutralising threats before they can wreak havoc.
“Regular security audits are the legal firm’s version of due diligence – ensuring compliance and catching vulnerabilities before attackers do. This is not to forget the human element. Staff training remains the strongest firewall against cyberattacks. Without these robust multi-layered solutions to defence, firms are leaving their digital doors wide open.”
Lee Driver, VP of managed security services at Ekco, agrees that encryption of data in transit and at rest is also crucial for protecting confidentiality. “Especially with remote and hybrid work, and shadow AI use,” he says.
Segmentation is another key factor, he adds. “Breaking the network into secure zones helps limit the damage in the event of a breach. Legal firms should also have continuous monitoring in place to detect and respond to threats in real-time.”
Resellers
With security an imperative, resellers are crucial to providing this to legal firms. As Benn Morris, CEO at 3B Data Security, notes, resellers need to act as trusted partners, not just suppliers. “That means taking the time to understand each firm’s risk profile, what kind of work they do, the sensitivity of the data they handle, how their teams operate, and the regulations they need to meet,” he explains. “A large corporate law firm will have very different needs from a small regional practice, so solutions should be built around those specific requirements rather than pushed as off-the-shelf packages.
“It’s also important to focus on long-term support. That includes helping firms stay ahead of emerging threats, offering regular reviews of their security posture, and providing practical guidance when policies or technologies need to evolve.
“Resellers should be offering more than just licences, they should be bringing in training, implementation support and threat updates that help legal teams stay resilient. The most valuable partners are the ones who can make security part of the firm’s daily operations without adding friction or complexity.”
Stewart Parkin, CTO global at Assured Data Protection, agrees that understanding the firm’s size, structure, regulatory obligations and risk appetite allows resellers to tailor solutions appropriately. “Whether that means managed services, cloud-based platforms or hybrid security models,” he says. “Offering ongoing support, regular security assessments and awareness training can turn a reseller into a trusted advisor, not just a supplier.”
Phil adds that to help ensure their clients get the best solution, they should have a deep understanding of the specific regulatory requirements and compliance standards relevant to the legal industry. “This includes understanding the value of solutions that protect sensitive documents, client communications and financial information,” he says. “Legal firms need to ensure business continuity. Resellers should recommend solutions that minimise downtime and disruption from cyberattacks, such as ransomware protection and disaster recovery planning.
“Start with a comprehensive assessment of the legal firm’s current security posture, including the most relevant threats to the firm, such as phishing, ransomware and data breaches.
“After this, you can evaluate the firm’s current security controls, such as firewalls, antivirus, and endpoint protection, and then use the available budget and resources to recommend a tailored set of cybersecurity solutions that address the firm’s specific requirements. This may include EDR, managed detection and response, network security, identity and security awareness training.
“Law firms depend on their fee earners and their productivity, so look at how their employees are conducting remote and hybrid working. If the firm doesn’t have security in place for cloud and identity management, then that is a natural fit for further security expansion.
“Offering affordable and proven MDR services helps your legal customers ensure their business is not disrupted. Most law firms can’t afford to run their own Security Operations Centre (SOC), so providing real-time, expert threat intelligence and SOC services can enable those law firms to be secure and agile in their approach to security.”
With cyberattacks only set to increase in number, security will continue to be a high priority, so resellers will need to stay on top of this for their customers in the legal sector.
