If a person walked into your law office claiming to be from IT, would your staff know how to verify them?
They might know the name of your technology provider. They might sound confident. They might even say they were sent to fix an urgent issue.
That’s exactly what makes this latest cybersecurity threat so concerning.
Law Firms Targeted in Recent Cybersecurity Attacks
According to a recent FBI advisory, a cyber extortion group known as the Silent Ransom Group (SRG) has begun targeting law firms with a disturbing new tactic: showing up in person and posing as IT personnel in an attempt to gain access to computers and sensitive data.
For years, law firms have been trained to watch for phishing emails and suspicious links. Now, attackers are taking social engineering a step further by exploiting something much harder to defend against: trust.
Why Law Firms Should Pay Attention
Law firms manage some of the most valuable information a cybercriminal can get their hands on—confidential client communications, financial records, litigation documents, intellectual property, and personally identifiable information.
According to the FBI, SRG often begins its attacks through phishing emails or phone calls posing as IT support. In some reported cases, attackers have gone a step further by appearing at victim locations and attempting to gain physical access to computers and firm data.
This is a reminder that cybersecurity isn’t just about technology. It’s also about the processes and people that protect access to your firm’s information.
Red Flags Your Team Should Know
While every situation is different, employees should be cautious of:
- Unexpected calls from someone claiming to be IT support
- Requests to install remote access software
- Visitors arriving without prior notice and requesting access to computers or systems
- Anyone claiming to represent your IT provider without proper verification
- Unauthorized USB drives or external hard drives connected to firm devices
- Emails or phone calls claiming firm data has been stolen
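If something seems unusual, employees should stop and verify before taking action. A quick phone call to a known contact at your IT provider, placed to a number the firm already has on file rather than one supplied by the caller or visitor, can prevent a costly mistake.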
How to Protect Your Firm
The FBI recommends several steps organizations can take to reduce their risk, including:
- Establishing clear visitor verification procedures
- Training employees to recognize social engineering tactics
- Creating policies for how IT support communicates with staff
- Requiring multi-factor authentication (MFA)
- Restricting unnecessary remote access and external storage devices
- Regularly reviewing incident response procedures and security awareness training
Cybersecurity Threats Don’t Always Arrive Through Email
Sometimes a cybersecurity threat arrives in an inbox. Sometimes it comes through a phone call.
And sometimes, it walks through the front door.
Protecting your firm requires more than firewalls and antivirus software. It requires informed employees, strong verification procedures, and a culture that encourages staff to question unexpected requests for access.
At Just Solutions, we help law firms strengthen their cybersecurity posture through proactive monitoring, security awareness training, and IT strategies designed specifically for the legal industry. If you’d like to discuss ways to better protect your firm from evolving cyber threats, contact our team today.