

What SME law firms need to understand about phishing attacks

Gary Shaw, group commercial director at Accesspoint, says now is the time to take action to prevent such attacks before they happen.

Gary Shaw, group commercial director, Accesspoint

When it comes to security breaches, hindsight isn’t a luxury that SME firms can afford. At this very moment, hackers are probing your IT security for weaknesses. In the current climate, the smallest slip-up can lead to disastrous and costly results – and for many SME firms, there will be no second chance to look back at what went wrong. Now is the time to take action to prevent such attacks before they happen. That is why it is extremely important to have an efficient plan in place that covers every direction a cyber threat can come from before it occurs.

Where should you start?

Despite what you may think, a cyberattack is not an elaborate heist with masterminds behind the scenes. In fact, in many cases, it’s usually conducted through email correspondence, with the hacker entering the IT system through the ‘front door’ that is often opened by a busy and unsuspecting member of the team.

A scenario that we have seen happen one too many times is a ‘man-in-the-middle’ phishing attack, where a fee earner opens and clicks on a link within an email, which, on the surface, appears to be from a trustworthy source, but, in reality, is from a hacker. The hacker can gain the recipient’s trust by using a familiar and well-informed tone of voice, possibly by customising the email to each target’s name or job role, or by imitating a trusted colleague. The embedded link is aimed at retrieving confidential details such as names, passwords and logins that could concern the recipient, the firm or even the client, and once the hacker has enticed the recipient to click on it, it’s usually too late by the time the recipient realises something is wrong.

The bait doesn’t stop there: email and website spoofing, malicious links and attachments, urgent subjects and calls to action, along with deals that are too good to be true, are just some of the other tactics that can be used within a successful phishing attack. Being able to spot any of these methods can be tricky, as the hackers are continuously improving their process with each attempt. Therefore, it’s extremely important to team up with a reputable legal IT specialist to provide phishing awareness training to your whole team, so that everyone stays up to date and alert to ever-developing phishing tactics – and your firm becomes less penetrable to unwanted outsiders.

In addition to being able to spot the signs of an attack, you must also encourage your team to inform someone immediately when they think there has been a breach of data. On average, it can take up to 279 days to identify a breach of data, and by that time irreversible damage can already be done. Creating a safe space for people to come forward will work in your favour – remember, the faster you know about it, the faster you can respond to it.

Alternatively, explore how your firm can add layers of defence by eliminating the possibility of a phishing attack altogether at its root cause: email correspondence.

When it comes to what goes in and out of the firm, there’s no 100% guarantee of pure security as it is impossible to truly monitor what’s happening in an employee’s inbox 24/7. The best you can hope for is to significantly minimise the chances of getting caught out. In this new age of legal IT, the increasing saturation of various applications coming to market and the lack of interconnectivity could mean hackers have a better chance to exploit a firm’s current defence.

We predict a huge shift towards a completely integrated, secure, cloud-based legal platform that can act as a utopia for efficiency, reporting and a network effect for the community. These platforms will provide huge opportunities for change and a more secure working environment. And, by adopting the use of portals, we’re set to replace the need for emails, as they can completely neutralise the possibility of an attack through a secure hub designed for not only client and solicitor communication but also a multitude of other reporting and transactional features.

We saw a massive increase in security threats when lockdown initially began, and we predict that this will continue for many firms over the next year. Perhaps now is the time to think about a change in security procedures as well as your team’s mindset and habits – exploring various methods to keep your firm safe is what is needed now.
