How to Phish Your Law Department Before the Hackers Do

By Casey C. Sullivan, Esq. on November 04, 2015 2:53 PM

Basic cybersecurity skills aren't that complicated. A vigilant eye -- and good filtering software -- can protect you from many malicious online tricks, like phishing. Phishing, if you're not familiar, is a form of email fraud where messages appear to be legitimate in order to steal sensitive information. An email purporting to be from your HR department, for example, could ask for your company password and poof: Russian spies are all over your email system.

Phishing attacks can result in millions of dollars of damage, and corporate legal departments are some of the most gullible targets. Thankfully, testing your team is pretty easy and a great way to identify weaknesses before hackers exploit them.

Gone Phishing

Setting up a phishing test is simple. If you, or your IT guy, are skilled at "computer stuff," you can create a temporary web server, put up your own phishing site, and send out your own phishing emails. This takes a fair amount of work and design, though.

If you're less of the DIY-type, there are plenty of easy phishing services out there as well. PhishMe, Wombat Security, and Phish5 all provide simple, quick cybersecurity testing services. PhishMe, an SaaS company, puts employees in "simulated phishing scenarios with targeted security education delivered directly to their inboxes." Phish5 lets you design and send out phishing emails to up to 10,000 people at a time. Consider it like having your own in-house, white hat hacker.

Most importantly, your phishing test should not compromise your colleagues' data. You want to test their vulnerability without actually stealing their data. According to Phish5, no sensitive information will be stored, transmitted, or saved through its program. The program clears all forms before submission. You learn that data was submitted, but nothing more.
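A "clear before submission" safeguard like the one described above can be enforced on both the page and the server that records results. The sketch below is an added example, not Phish5's code or part of the original article; every function name, key name and token value in it is an assumption, and the form fields are constructed sample data.

```javascript
// Added example. All names are hypothetical; sample values are constructed.

// Client side: call from the simulated page's form "submit" handler.
// Blanks every field in place, then returns the only payload allowed to
// leave the browser: the recipient's campaign token and the fact of submission.
function scrubAndBuildEvent(fields, campaignToken) {
  let hadInput = false;
  for (const field of fields) {
    if (field.value && field.value.length > 0) hadInput = true;
    field.value = ""; // overwrite before anything is serialized or sent
  }
  return { token: campaignToken, event: "form_submitted", hadInput };
}

// Server side: defense in depth. Only allowlisted keys are accepted, so a
// broken or bypassed client script still cannot put a password into the logs.
const ALLOWED_KEYS = new Set(["token", "event", "hadInput"]);

function recordSubmission(body, log) {
  const extraKeys = Object.keys(body).filter((k) => !ALLOWED_KEYS.has(k));
  const wellFormed =
    body.event === "form_submitted" && typeof body.hadInput === "boolean";
  if (extraKeys.length > 0 || !wellFormed) {
    // Keep the unexpected key names for debugging, never their values.
    log.push({ token: String(body.token || "unknown"), event: "rejected", extraKeys });
    return false;
  }
  log.push({ token: String(body.token), event: body.event, hadInput: body.hadInput });
  return true;
}

// Constructed sample standing in for the form's <input> elements.
function demo() {
  const fields = [
    { name: "username", value: "jdoe" },
    { name: "password", value: "constructed-sample-value" },
  ];
  const log = [];
  const event = scrubAndBuildEvent(fields, "campaign-0001-recipient-42");
  const accepted = recordSubmission(event, log);
  // A request that skipped the client-side scrub is refused; its values are dropped.
  const refused = !recordSubmission(
    { token: "campaign-0001-recipient-43", event: "form_submitted", password: "x" },
    log
  );
  return { fields, log, accepted, refused };
}
```

The server-side allowlist matters because the client-side scrub depends on the script running in the recipient's browser; if it does not run, the raw form values would otherwise arrive in the request.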

Get Ready for Your Department to Fail the Test

Odds are, your legal department won't get an A+ on their phishing test. Legal departments, along with communications and customer service offices, had the highest rates of opening phishing emails, according to Verizon's 2015 Data Breach Investigation Report. Phishing attacks accounted for 20 percent of "significant threat actions" over 2015, Verizon reported.

If your legal department does well, congratulations! You've passed cybersecurity 101. If everyone starts handing over their social security numbers, corporate credit cards, and mothers' maiden names, however, don't despair. Some targeted training is usually enough to help fill in your cybersecurity holes.
