Cybersecurity fundamentals

Understand the basics of cybersecurity for law firms.

Why cybersecurity matters

In line with global trends, cybercrime is a growing problem for the profession, as client account funds and confidential information are an attractive target. Unfortunately, Irish firms have been victims of increasingly sophisticated attacks. An attack can affect your client relationships, your reputation, and your firm's finances. However, armed with appropriate knowledge and support, you can greatly reduce the risk of a successful attack. In this section, we explain how several common attacks work and provide links to useful resources.

Common types of attack

Ransomware is a form of malware whereby an attacker blocks access to your systems and/or threatens to publish your information unless you pay a ransom (hence the name).

The malware is normally downloaded as a result of opening a malicious attachment to an email, or clicking on a hijacked hyperlink contained in an email or on a website.

Ransomware can often spread across the network, infecting other machines, including servers.

Precautions Specific to this Type of Attack

An important precaution is to train staff to recognise suspicious emails and attachments and to avoid unsafe websites. The IT infrastructure needs to be kept up to date (anti-virus scans, firewalls, etc.). Daily backups, together with regular checks that the backup and restore procedures actually work, will mitigate the effects of a ransomware attack.

Phishing emails are malicious emails that prompt the reader into providing confidential information by looking like a genuine email. Irish solicitors may be targeted because they hold the login credentials for their office and client accounts.

  1. Request for direct response: This phish asks the recipient to update the login credentials for their bank account. The website it links to may look very similar to the one the recipient normally uses. In seemingly updating the credentials, the recipient has in fact handed their confidential bank login to the attacker, facilitating a fraudulent withdrawal from the account.
  2. Hijack of the genuine website: This phish prompts the recipient into opening a malicious attachment, which in turn tampers with the hyperlink to the website of a genuine financial institution. When the recipient opens that hyperlink, they are unknowingly redirected to a fraudulent, almost identical copy of the website, and so provide the attackers with their confidential bank login, again facilitating a fraudulent withdrawal. Some of these attacks are so sophisticated that they are combined with a fake “helpline”, whereby the recipient reads card reader PIN codes over the phone in the belief that this unlocks the website, whereas in fact they are unwittingly authorising the withdrawal.

Precautions Specific to this Type of Attack

  • Train your staff not to open suspicious emails.
  • Financial institutions will never send you an email asking you to provide any of your personal banking details.
  • Be vigilant about spotting fake websites, purporting to be of financial institutions.
  • When calling financial institutions, do not use the number displayed on your screen, as your computer may be infected; use an alternative way (for example, you may have downloaded your bank’s mobile app to your phone, which will connect you to Customer Services).
  • Your IT systems should be kept up to date.

Email spoofing is the creation of email messages with a forged sender address so that the email appears to come from a trusted source.

This type of fraud originates with a phishing email containing an infected attachment. The malware gives the attackers access to the system. The purpose of gaining such access is often to watch and study the internal email traffic of the solicitor's practice. This covert access may continue for many months.

Once they have insider knowledge, the attackers can forge an email, which reads like a genuine internal payment request; this email may even quote correct client references or file numbers.

Alternatively, email correspondence with an external third party may be intercepted and the bank details in it amended. Note in this regard that some malicious emails use Law Society or other solicitor logos to make their emails look more genuine (Cyber Security Alert, March 2022).

As a result, the money is transferred to the fraudulent account and dissipated before the fraud is identified, making it very difficult to recover.

Precautions Specific to this Type of Attack

  • Be sceptical of any attachments received in an email, particularly from an unknown source. If in doubt, do not open the attachment.
  • Be sceptical of unexpected instructions in relation to the transfer of funds, for example, to foreign bank accounts. An email to say that a bank account has changed can be a red flag.
  • Many solicitors have now adopted a two-check system, whereby they make a telephone call to verify the bank account details. Further and detailed guidance can be found in Spear Phishing – the latest threat.
  • Your IT systems should be kept up to date.
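The spoofing section above describes forged sender addresses and amended bank details arriving by email. As an added illustration of the defender's side (this is example code written for this page, not a Law Society tool or any firm's actual mail filter), the Python below takes a raw email and flags the signs a mail gateway or a careful reader would look for: an envelope sender (Return-Path) or Reply-To that points to a different domain than the visible From address, an address embedded in the display name that does not match the real address, a sender domain that is a near-miss of the firm's own domain, and wording about changed bank details. The firm domain, the suspicious phrases and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the firm's own domain, so near-misses of it can be spotted.
TRUSTED_DOMAINS = {"example-solicitors.ie"}

# Assumption: wording that should trigger the "telephone check" precaution.
PAYMENT_PHRASES = (
    "bank details have changed",
    "new account details",
    "updated iban",
)


def _domain(addr):
    """Return the lower-cased domain part of an email address ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike domains such as rn vs m."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _body_text(msg):
    """Concatenate all text/plain parts of the message (multipart or not)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess_email(raw):
    """Return a sorted list of finding codes for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = set()
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)

    # Return-Path is the envelope sender; a different domain means the visible
    # From header was not what the sending server actually used.
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path and _domain(return_path) != from_dom:
        findings.add("return_path_mismatch")

    # A Reply-To elsewhere silently diverts the conversation to the attacker.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.add("reply_to_mismatch")

    # Display names like "Accounts (accounts@firm.ie)" hide the real address.
    embedded = re.search(r"[\w.+-]+@[\w.-]+", from_name)
    if embedded and _domain(embedded.group(0)) != from_dom:
        findings.add("display_name_mismatch")

    # One or two characters away from the firm's domain, but not the domain itself.
    for trusted in TRUSTED_DOMAINS:
        if from_dom != trusted and 0 < edit_distance(from_dom, trusted) <= 2:
            findings.add("lookalike_domain")

    body = _body_text(msg).lower()
    if any(phrase in body for phrase in PAYMENT_PHRASES):
        findings.add("payment_change_wording")

    return sorted(findings)


# Constructed sample: forged internal payment request (not a real message).
SUSPECT_EMAIL = """\
Return-Path: <bounce@mailer-xyz.example.net>
From: "Accounts Dept (accounts@example-solicitors.ie)" <accounts@exarnple-solicitors.ie>
Reply-To: <accounts@exarnple-solicitors.ie>
To: partner@example-solicitors.ie
Subject: Re: Completion funds - file 2023/0451
Content-Type: text/plain

Please note our bank details have changed. Transfer the funds to the account below.
"""

# Constructed sample: ordinary internal email, expected to raise nothing.
CLEAN_EMAIL = """\
Return-Path: <colleague@example-solicitors.ie>
From: Colleague <colleague@example-solicitors.ie>
To: partner@example-solicitors.ie
Subject: Lunch
Content-Type: text/plain

Are you free at one?
"""

if __name__ == "__main__":
    print("suspect:", assess_email(SUSPECT_EMAIL))
    print("clean:  ", assess_email(CLEAN_EMAIL))
```

On the constructed sample the suspect message is flagged on four counts (envelope mismatch, display-name mismatch, look-alike domain and payment-change wording) while the clean one produces no findings. None of these checks replaces the telephone verification described above; their value is that they turn "an email saying a bank account has changed is a red flag" into something a mail filter can surface before a person acts on it.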

Build your knowledge

See useful articles, introductory resources and training below.

Gazette Articles

Practice Notes

  • LegalEdTalks – complimentary CPD includes cybersecurity in the IT Know-how series. You may need to create a learnskills account to access course content.

GDPR in Action: Guidance for Legal Practitioners on Data Security and Data Breaches – grant-funded on-demand CPD