It takes 5 minutes to hack any email in your law firm

It really does take less than 5 minutes. All a hacker needs to do is:

  1. obtain a list of all your firm's email addresses, which are usually public anyway (30 seconds)
  2. visit your webmail login page and copy it into an automated phishing kit, so the fake page looks exactly like the real one (30 seconds)
  3. craft a fake email, “From your IT department: Your mail storage quota is over the limit, please log in to increase it”, with a link to the copied page (1 minute)
  4. send it to everyone and wait (2 minutes)
  5. in the remaining minute, your users type their usernames and passwords into the fake page and hand them to the hacker themselves.
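What a mail filter (or a careful reader) should actually check in such a message is where the login link leads, not who the mail claims to be from. The following is an added example written for this page, not code from the article or any product: it parses a constructed "quota" message with Python's standard library, pulls out every link, and flags the mail when a credential lure points to a host outside the firm's own domain. The firm domain example-lawfirm.com, the look-alike host and both sample messages are made up for the illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed firm mail domain (not from the article). Links that lead anywhere
# else while asking for a login are the tell-tale sign of the cloned page.
FIRM_DOMAIN = "example-lawfirm.com"

# Wording typical of credential-harvesting lures; the "quota" mail is one.
LURE_WORDS = ("quota", "log in", "login", "password", "verify", "suspend")

URL_RE = re.compile(r"https?://[^\s<>\"']+")


class _HrefCollector(HTMLParser):
    """Collects the href targets of <a> tags from an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def extract_links(raw_message: str) -> list[str]:
    """Return every link in the text and HTML parts of an RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    links = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            collector = _HrefCollector()
            collector.feed(part.get_content())
            links.extend(collector.hrefs)
        elif ctype == "text/plain":
            links.extend(URL_RE.findall(part.get_content()))
    return links


def host_is_internal(url: str) -> bool:
    """True only if the link host is the firm's domain or a subdomain of it.

    This is a suffix check on the registrable domain, not a prefix check:
    mail.example-lawfirm.com.login-verify.xyz starts with the real host name
    but actually belongs to login-verify.xyz, so it is correctly rejected.
    """
    host = (urlparse(url).hostname or "").lower()
    return host == FIRM_DOMAIN or host.endswith("." + FIRM_DOMAIN)


def classify(raw_message: str) -> dict:
    """Flag a message that asks for a login via a link off the firm's domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    body_text = " ".join(
        re.sub(r"<[^>]+>", " ", part.get_content())
        for part in msg.walk()
        if part.get_content_type() in ("text/plain", "text/html")
    )
    text = (subject + " " + body_text).lower()
    external = [u for u in extract_links(raw_message) if not host_is_internal(u)]
    lure = [w for w in LURE_WORDS if w in text]
    if external and lure:
        verdict = "phishing"
    elif external:
        verdict = "suspicious"
    else:
        verdict = "ok"
    return {"verdict": verdict, "external_links": external, "lure_words": lure}


# Constructed samples (not real mail): the lure from the article, linking to a
# clone of the webmail page on a look-alike host, and a genuine IT notice.
PHISHING_MAIL = """\
From: IT Department <it-support@example-lawfirm.com>
To: partner@example-lawfirm.com
Subject: Your mail storage quota is over the limit
Content-Type: text/html; charset=utf-8

<html><body><p>Your mailbox is over quota. Please
<a href="http://mail.example-lawfirm.com.login-verify.xyz/owa">login</a>
to increase it.</p></body></html>
"""

LEGIT_MAIL = """\
From: IT Department <it-support@example-lawfirm.com>
To: partner@example-lawfirm.com
Subject: Webmail maintenance this weekend
Content-Type: text/plain; charset=utf-8

Webmail will be unavailable on Saturday 02:00-04:00. Afterwards you can
log in as usual at https://mail.example-lawfirm.com/owa (type the address
yourself rather than following a link).
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISHING_MAIL), ("legit", LEGIT_MAIL)):
        print(name, classify(raw))
```

The legitimate notice also contains the words "log in" and a link, yet it is rated "ok" because its link stays on the firm's domain; the lure words alone are not the signal, the destination is.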

There are 3 things you can do to prevent that:

  1. Ensure your email is hosted with a dedicated, security-focused mail provider rather than bundled in with your web hosting company – this is critical!
  2. Ensure your users have strong, unique passwords – this is a whole process, from rolling out a password manager to regular audits. Bear in mind that a strong password typed into a fake login page is stolen just the same; what uniqueness buys you is that one stolen password does not also open every other account that reused it.
  3. Implement 2-factor authentication. But beware: even 2-factor authentication can be bypassed. A one-time code from an SMS or an authenticator app can be typed into the fake page and relayed to the real one within its validity window, so prefer a phishing-resistant method such as a hardware security key (FIDO2/WebAuthn), which is bound to the genuine site's address and simply does not work on a look-alike. Either way, ongoing vigilance is key to keeping your data and the data of your clients safe!
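To make the difference between the two kinds of second factor concrete, here is an added example (written for this page, not code from the article or any vendor) that models both logins in plain Python. A relay attacker who has cloned the webmail page sits between the user and the real site: with a one-time code the relay succeeds, with an origin-bound credential it fails twice, once because the signed data names the clone's address and once because rewriting that address invalidates the signature. The origins are assumed names, and the authenticator's signature is simplified to an HMAC with a per-credential secret so the example runs on the standard library alone; a real security key uses a private key that never leaves the device, but the origin-binding shown here works the same way.

```python
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://mail.example-lawfirm.com"                   # assumed real webmail
PHISH_ORIGIN = "https://mail.example-lawfirm.com.login-verify.xyz"  # assumed clone


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from a Unix timestamp."""
    return hotp(secret, at // step)


class TotpWebmail:
    """Password plus app/SMS code: whoever holds a fresh code can log in."""

    def __init__(self):
        self.users = {}

    def enrol(self, user, password, totp_secret):
        self.users[user] = (password, totp_secret)

    def login(self, user, password, code, at) -> bool:
        rec = self.users.get(user)
        if rec is None:
            return False
        pw, secret = rec
        return hmac.compare_digest(pw, password) and hmac.compare_digest(code, totp(secret, at))


def _sign(cred_secret: bytes, client_data: dict) -> bytes:
    # Simplification (assumption of this example): an HMAC with a per-credential
    # secret stands in for the authenticator's private-key signature. The point
    # is that the signed data includes the origin the browser actually showed.
    msg = json.dumps(client_data, sort_keys=True).encode()
    return hmac.new(cred_secret, msg, hashlib.sha256).digest()


def authenticator(cred_secret: bytes, challenge: str, origin_seen_by_browser: str):
    """The security key signs the challenge together with the page's origin."""
    client_data = {"challenge": challenge, "origin": origin_seen_by_browser}
    return client_data, _sign(cred_secret, client_data)


class FidoWebmail:
    """Origin-bound login in the style of WebAuthn: fresh challenge + origin check."""

    def __init__(self):
        self.creds = {}
        self.pending = {}

    def register(self, user, cred_secret):
        self.creds[user] = cred_secret

    def begin_login(self, user) -> str:
        self.pending[user] = secrets.token_hex(32)
        return self.pending[user]

    def finish_login(self, user, client_data: dict, signature: bytes) -> bool:
        challenge = self.pending.pop(user, None)
        if challenge is None or client_data.get("challenge") != challenge:
            return False
        if client_data.get("origin") != REAL_ORIGIN:  # the phishing-resistance check
            return False
        return hmac.compare_digest(signature, _sign(self.creds[user], client_data))


def totp_scenario(at: int = 1_700_000_000) -> tuple:
    """Returns (genuine login works, code relayed from the clone also works)."""
    site = TotpWebmail()
    secret = secrets.token_bytes(20)
    site.enrol("partner", "Tr0ub4dor&3", secret)
    genuine = site.login("partner", "Tr0ub4dor&3", totp(secret, at), at)
    # Victim types password and current code into the clone; the proxy replays
    # both to the real site seconds later, still inside the 30 s window.
    relayed = site.login("partner", "Tr0ub4dor&3", totp(secret, at), at + 5)
    return genuine, relayed


def fido_scenario() -> tuple:
    """Returns (genuine login, relay with honest client data, relay with forged origin)."""
    site = FidoWebmail()
    key = secrets.token_bytes(32)
    site.register("partner", key)
    # Genuine: the browser is on the real origin.
    genuine = site.finish_login("partner", *authenticator(key, site.begin_login("partner"), REAL_ORIGIN))
    # Relay: proxy fetches a real challenge and shows it to the victim on the
    # clone, so the key signs PHISH_ORIGIN into the client data; site rejects it.
    data, sig = authenticator(key, site.begin_login("partner"), PHISH_ORIGIN)
    honest_relay = site.finish_login("partner", data, sig)
    # Proxy rewrites the origin to the real one; the signature no longer matches.
    data, sig = authenticator(key, site.begin_login("partner"), PHISH_ORIGIN)
    forged_relay = site.finish_login("partner", dict(data, origin=REAL_ORIGIN), sig)
    return genuine, honest_relay, forged_relay


if __name__ == "__main__":
    print("TOTP (genuine, relayed):", totp_scenario())
    print("FIDO (genuine, relayed, forged):", fido_scenario())
```

Running it prints `(True, True)` for the one-time code and `(True, False, False)` for the origin-bound credential: the same relay that defeats an SMS or app code gets nothing from a security key, because the key signs the address the user was really on and the site refuses anything signed for another address.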

Email (or rather, access to email) is the most critical entry point a hacker can gain into your law firm, because your file collaboration, file sharing, document management and filing systems are very likely tied to that same username and password, and because the mailbox itself is where those systems send their password-reset links. Even if we set aside the years of confidential emails and attachments an account has accumulated and look only at the other systems it unlocks, a breach would still be critical, potentially for the whole firm and its business.

