A new study published by 250ok, a leader in advanced email analytics for Domain-based Message Authentication, Reporting and Conformance (DMARC), revealed that 62 percent of the top 100 law firms worldwide by revenue fail to meet the minimum level of email authentication to protect staff and clients against phishing attacks.
(What is DMARC? DMARC is used to prevent phishing attacks and increase the deliverability of authorized emails. OnDMARC is an email security product that helps organizations of all sizes and abilities set up and maintain a secure DMARC policy. Courtesy of OnDMARC and YouTube)
“Law firms, like federal government agencies, process a high volume of sensitive information,” said Matthew Vernhout, director of privacy at 250ok.
“Since the US Department of Homeland Security issued a directive for all federal agencies to achieve a DMARC reject policy on all domains, we anticipate downward pressure on law firms to follow suit.”
A DMARC reject policy protects recipients by requesting that the malicious email be blocked from landing in the inbox, a quarantine policy requests that it be moved to a spam or similar folder, and a none policy allows the email to continue to the inbox.
A DMARC reject policy is considered the gold standard of email authentication, as it reduces the risk of a recipient receiving a phishing email.
The report reveals that currently only 3 percent of law firms studied have a reject policy in place.
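The three policies described above can be read directly from a domain's published DMARC record. As an added example (not code from the 250ok study or the original article), the Python below classifies TXT strings already fetched from `_dmarc.<domain>` and tallies them across a set of domains. The function names and the `.example` sample records are constructed for illustration.

```python
from collections import Counter

VALID = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the tag dict of one TXT string, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must be the first tag and is case-sensitive.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return (status, pct); status is a policy name, 'missing' or 'invalid'."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return ("missing", 0)
    if len(records) > 1:  # receivers apply no DMARC policy when several records exist
        return ("invalid", 0)
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID:  # this example reports an absent or unknown p= as invalid
        return ("invalid", 0)
    try:
        pct = min(100, max(0, int(tags.get("pct", "100"))))
    except ValueError:
        pct = 100  # unparsable pct: fall back to the default of 100
    return (policy, pct)

def survey(domains):
    """Count domains per status, the way an adoption study would tally them."""
    return Counter(classify(records)[0] for records in domains.values())

# Constructed sample data (reserved .example names), not results from the study.
SAMPLE = {
    "firm-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@firm-a.example"],
    "firm-b.example": ["v=DMARC1; p=quarantine; pct=50"],
    "firm-c.example": ["v=DMARC1; p=none"],
    "firm-d.example": ["v=spf1 -all"],  # no DMARC record among the TXT strings
    "firm-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for name, records in SAMPLE.items():
        print(name, classify(records))
```

A `pct` below 100 means the stated policy is requested for only that share of failing mail, so a domain can publish `p=reject` or `p=quarantine` without full enforcement.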
The American Bar Association estimates almost one in four law firms with more than 500 attorneys experienced a security breach in 2017.
In July of 2017, DLA Piper Global Law Firm was hit with malware spread through phishing attacks designed to trick an employee into opening attachments.
The malware then spread throughout the firm’s network and email infrastructure.
(Law firm DLA Piper and advertising giant WPP among the affected companies in Major Cyber Attack. Courtesy of Daily Mail and YouTube. Posted on Mar 16, 2018)
DLA Piper had a well-executed contingency plan allowing them to recover quickly and prevent the loss of sensitive and confidential data.
Deploying a strong, well-managed email authentication solution can help prevent these fake messages from arriving and spreading to other staff, and potentially to clients.