A Quarter of Lawyers Click On Phishing Links…Honest

An eye-opening headline hit the legal news in early August 2022, appearing to demonstrate that around a quarter of lawyers had inadvertently clicked on links in what turned out to be phishing and scam emails.
Where Did This Come From?
The seemingly shocking results were revealed to the profession on 2nd August 2022, following a survey which had apparently been circulated by a public relations business instructed by a customer with expertise in cyber security. The survey ran for twelve weeks and involved legal professionals being sent numerous dummy links in text messages and emails. The test assessed whether each legal professional who received one of these experimental messages chose to click on the dubious link or not, in an effort to gauge how likely the targeted persons were to click. The data which emerged from the experiment would then supposedly be analysed, and a set of results disclosed for consumption by the legal profession and the wider public.
What Did It Find?
As hinted at in the opening paragraph, the results of the survey revealed, somewhat alarmingly, that twenty-five percent of the workforce employed by providers of legal services are in the habit of clicking on links contained in emails which, to their astonishment, then turn out to be phishing emails.
Conclusive Evidence…Right?
This all appears to be above board. However, by way of balance, on much closer inspection all was not as it seemed in the headlines. When the numbers in the survey were analysed in greater detail, matters became significantly more interesting. The analysis revealed:
- a questionable methodology, whereby the number of persons targeted in the sample was less than ten;
- in fact, the survey only approached eight legal professionals; and
- when the results were read further, it soon became apparent that only two legal professionals had clicked on the mock links.
Suspect Specimen?
Persons with expertise in the cyber security field had gone on the record commenting that the results appear to suggest that the measures supposedly being put in place, monitored and enforced are failing miserably. However, given the minute sample of persons targeted by this experiment and the grand total of two legal professionals who clicked on the phishing links, many have seen fit to doubt the weight to be attributed to such survey results, as relying on them would be too sweeping a judgment.
Way Forward?
Despite the low sample size and results, leading practitioners in cyber security appear to suggest that the findings demonstrate that the training provided to legal professionals is not up to the job. As a result, external law firms and in-house legal teams should be taking action by:
- advising members of the workforce on the threats surrounding cyber security;
- raising awareness of emails containing phishing links;
- warning them not to click on these links;
- implementing a culture whereby staff members are encouraged to report incidents to cyber-security professionals in the IT Department;
- putting in place a communications strategy that creates a culture of open internal communication;
- ensuring that their internet security is up to date and protected, to mitigate the risk of future incidents taking place; and
- making sure that their insurance provision is up to date, to reduce the financial losses in the event of a cyber-security breach.

THE ARTICLE WAS WRITTEN USING THE FOLLOWING SOURCES
[1] Obiter, "Phishing for headlines with a sample size of eight", Law Society Gazette, 3 August 2022.
[2] National Cyber Security Centre, "Mitigating malware and ransomware attacks", NCSC.GOV.UK.
[3] The National Law Review, "How Law Firms Can Prevent Phishing and Malware", 4th February 2020 (natlawreview.com).