84% of British law firms are still vulnerable to email fraud, according to a survey carried out in June 2019 by the National Cyber Security Council (NCSC).
Fewer than one in five firms have adopted the Domain-based Message Authentication, Reporting and Conformance (DMARC) system, the same study found. DMARC stops phishing emails at the gateway or sends them to your junk folder. It also prevents cyber criminals from spoofing or impersonating a legal firm’s domain, severely inhibiting their ability to successfully carry out email fraud.
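The two outcomes described above correspond to the DMARC policies `p=reject` (stopped at the gateway) and `p=quarantine` (junk folder), while `p=none` only collects reports. The following added example (not from the original article or from Sprout IT) parses a domain's published DMARC TXT record and reports which level of protection it gives; the function names, sample records and domain names are constructed for illustration.

```python
# Added example: classify a domain's DMARC posture from its TXT record
# (the record published at _dmarc.<domain>). Sample records are constructed.

def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=...; ...' into a dict of lower-cased tag names."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # RFC 7489: the record must begin with v=DMARC1 and carry a p= tag.
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC policy record")
    tags["pct"] = int(tags.get("pct", "100"))  # pct defaults to 100
    return tags

def posture(txt):
    """Return (status, explanation) for a DMARC TXT record, or None if absent."""
    if not txt:
        return "unprotected", "no DMARC record published"
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return "unprotected", str(exc)
    policy = tags["p"].lower()
    if policy == "none":
        return "monitor-only", "failures are reported but still delivered"
    if policy not in ("quarantine", "reject"):
        return "unprotected", "unknown policy value"
    if tags["pct"] < 100:
        return "partial", f"{policy} requested for only {tags['pct']}% of failing mail"
    action = "junk folder" if policy == "quarantine" else "refused at the gateway"
    return "enforced", f"failing mail: {action}"

SAMPLES = {  # constructed records for hypothetical firms
    "firm-a.example": None,
    "firm-b.example": "v=DMARC1; p=none; rua=mailto:dmarc@firm-b.example",
    "firm-c.example": "v=DMARC1; p=quarantine; pct=50",
    "firm-d.example": "v=DMARC1; p=reject",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        status, why = posture(record)
        print(f"{domain:16} {status:13} {why}")
```

A record with `p=none` counts as adoption in name only: spoofed mail that fails the check is still delivered until the policy is raised to `quarantine` or `reject`.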
In this article, Sprout IT considers other ways that legal firms can enhance their email security in the absence of Mimecast, DMARC, or both. We’ll cover:
- why you should start first with reducing the likelihood of human error
- the importance of encryption across all extensions, platforms, and apps
- the reasons to be wary of POP/IMAP
- updating your software regularly and testing your network and systems
- considering moving your emails to a secure cloud platform – with inbuilt encryption
Reduce the likelihood of human error
Although there are a number of technological steps you can take to improve your email security, it’s also important to reduce the risk posed by human error by making sure your staff are knowledgeable about cyber awareness.
Employees in any legal firm should, ideally, be able to recognise common email infiltration tactics including malicious file attachments and malware, spoofing and other common cybercriminal tactics.
As well as potentially damaging your IT systems – causing you to waste time and money getting things fixed – careless email practices can cause particular problems for law firms, an industry for which data protection and client confidentiality is key.
To avoid data breaches caused by poor email security, resources should be put into training your staff on the potential dangers posed by current online behaviour. Training should be regular and rewards should be offered to staff whose adherence to your company’s security and data protection guidelines prevents potential attacks.
As a responsive law practice, you should also consult with your firm’s IT department to create mitigation tools which can be used to flag up potential employee-related security issues before they have the chance to compromise your systems. Your IT department should also be able to install a series of additional safeguards to help protect your business online such as network access rules and email password management.
Encryption across all extensions, platforms, and apps
With data being one of a law firm’s most valuable assets, it’s essential that your communications are fully encrypted.
Thankfully, there are a number of apps on the market, such as Legaler, WhatsApp and Dust, which allow you to send and receive encrypted communications online, greatly reducing the risk of the potential security issues faced when using standard email platforms.
These applications and extensions allow you to exchange electronic files and attachments, to conduct video and voice conferences, and to send messages securely over encrypted channels that are robust enough to make sure you meet your ethical duties of competency and confidentiality when dealing with sensitive client data.
If your company is using an existing email system like Gmail for Business, you can add an extra layer of security to your communications by installing a browser extension such as Virtru, which offers end-to-end protection to your messages and the files you transfer within them.
POP and IMAP are protocols which determine how your incoming mail is moved, saved, deleted and synced between devices, such as your smartphone, PC and tablet. Although used by many businesses throughout the world, POP/IMAP has relatively few security features compared to more modern, encrypted systems of online communication.
Perhaps the greatest threat posed by using POP/IMAP is the fact that anyone who has access to your email password and IMAP/POP server settings – such as a former employee or cybercriminal – can set up their own devices to receive your messages without your knowledge.
If your law firm requires your emails to be synced across a number of devices, make sure that you change your passwords at regular intervals or use a two-factor online authentication tool such as Sprout’s multi-factor authentication to offer an additional layer of security when logging on to your inbox.
Update your software regularly and test your network and systems
Although encryption is important when communicating online, ultimately it’s only as good as the systems into which it’s embedded. So, if your business hosts its own email system, for example, it’s important to make sure your IT department regularly updates your servers to make sure your systems are as secure and up to date as possible.
For employees, it can be tempting to ignore prompts to update your computer and other devices, particularly as these updates often add more time to our already busy schedules. However, security patches are released for a reason and are vital for avoiding vulnerabilities in your system and ensuring the ongoing security of your software and apps.
Consider moving your emails to a secure cloud platform – with inbuilt encryption
Signing up to a commercial cloud hosting platform should be a consideration for any modern law practice looking to streamline their IT systems. Unlike some self-hosted platforms, cloud-based software offers full encryption, whether you’re accessing your emails from the PC in your office or from your mobile as you’re travelling between meetings.
As well as being able to access your emails at any time, anywhere, cloud-based platforms such as Mimecast boast a number of benefits such as spam filters, encryption of sensitive data, password management, the prevention of data leakage and regular email backups, helping you meet your data privacy and security obligations.
Ensuring email security for your practice or chambers
Cybercriminals continue to aggressively target solicitors’ practices and chambers to steal and then sell on your clients’ valuable personal and commercial information.
In 2013, Sprout IT became the UK’s first Mimecast Certified Technology Specialist Business Partner. Since we became accredited, our staff have both outstanding product knowledge and experience in implementing the system. We still absolutely believe that Mimecast's email is the best cyber security email solution for the legal sector.
Mimecast Cyber Resilience For Email Solution is easy to manage, it is very cost efficient, and it prevents cyberattacks before they happen. When a cyberattack is particularly sophisticated, Mimecast Cyber Resilience For Email Solution minimises disruption to your practice or chambers and its infrastructure allows your firm to recover email and data quickly after an attack. The service delivers threat protection, adaptability, durability and recoverability via the Cloud.
If you’d like to speak with one of our experts on the suitability of Mimecast Cyber Resilience For Email Solution for your practice or chambers, please call Sprout IT today on 020 7036 8530 or email us. To learn more about legal IT, check out our resources.