Why Endpoint Security is Vital for Your Law Firm

Another day, another cybersecurity attack. Cyberattacks are on the rise—increasing from an average of 206 to 270 attacks per company between 202 and 2021 (Source: TechTarget). This statistic should be alarming to any organization that uses any kind of IT because it demonstrates just how prevalent cyber threats are. To protect the highly sensitive data they manage as part of their services to individuals and companies, today’s law firms need to safeguard their endpoint security through IT security and data protection.

What is Endpoint Security?

Endpoint security solutions protect endpoints, which are remote computing devices that communicate back and forth with a network to which it is connected. Endpoints include desktop computers, mobile devices, laptops, printers, and even IoT devices. 

With a large percentage of the workforce now working remotely, endpoint security risks have become even more heightened. Employees connecting to your law firm’s network to access shared data and files can leave you open to attack from cybercriminals, who often attempt to use endpoint devices as entry points to access corporate networks. Once in, cyberthieves may steal data, leverage existing software vulnerabilities, or hold information hostage.

Endpoint protection solutions are designed to stop cybercriminals in their tracks. These systems can quickly detect, analyze, block, and contain attacks as they occur. Endpoint data protection works with other security technologies to give administrators visibility into security threats to improve the speed of detection and remediation response times.

Why is Endpoint Security Important?

Endpoint security is important across all industries, but some – including law firms – need to be especially vigilant. Although law firms collect and use highly sensitive data, the industry is not highly regulated like healthcare or finance. So, many firms skimp on cybersecurity. This makes them a very attractive target for cybercriminals. In fact, the American Bar Association’s 2021 Legal Technology Survey Report reveals that 25% of respondents’ law firms had experienced a data breach at some point during the year. These incidents included cyberattacks, malware infection, lost or stolen company devices, and employee negligence (for example, accessing a non-secure network in a coffeehouse or airport, or simply leaving a password written on a post-it in their unattended cubicle). These breaches resulted in financial losses, the need to replace hardware, and the destruction or loss of files. 

The ABA writes, “Attorneys have ethical and common law duties to take competent and reasonable measures to safeguard information relating to clients and also often have contractual and regulatory duties to protect confidential information. These duties present a challenge to attorneys using technology because most are not technologists and often lack training and experience in security.”

That’s not all. Endpoint data protection regulations are being applied to most organizations collecting and processing sensitive information. Any company that doesn’t properly protect client and employee personal data can face heavy fines (not to mention damage to their reputation). For law firms, this means prioritizing attorney/client confidentiality, keeping all client files secure, and complying with ABA and State bar rules regarding privacy. Of course, there are also local laws, such as New York’s SHIELD Act, which requires companies to develop and maintain safeguards to protect private information. 

With cyber threats increasing in frequency and sophistication, and remote employees handling more and more sensitive data, endpoint security risks are at an all-time high. Through continuous monitoring and quick security breach detection, endpoint protection solutions are vital to the security of any law firm. And because most endpoint protection solutions are deployed within the cloud, installation and integration is easy with little overhead costs.

What are Endpoint Security Risks?

With cyber threats increasing in frequency and sophistication, and remote employees handling more and more sensitive data, endpoint security risks are at an all-time high. Two of the most prominent and persistent endpoint security risks are phishing and ransomware. 


Phishing typically involves a cyberattacker sending a fraudulent message designed to trick someone into providing login credentials or revealing sensitive information. Phishing may also attempt to deploy malicious software on a victim’s infrastructure like ransomware (more on that in a moment).

There are five common types of phishing attacks that can compromise end user security are as follows:

  1. Normal phishing. This involves scammers impersonating a legitimate company in an attempt to acquire login credentials or sensitive information. These are sent out in large batches in an attempt to hook as many people as possible.
  2. Spear phishing. This targets a particular individual or organization. Emails are personalized and specific to make the recipient believe they know the sender. Often, spear phishing emails impersonate an employee, client, or other contact.
  3. Whaling. This phishing scheme targets owners, CEOs, CFOs, etc. Cybercriminals spend months researching their target and then weeks sending a series of back-and-forth exchanges in order to gain trust – and then access. 
  4. Clone Phishing. Clone phishing emails replicate a recent message someone has sent but swaps out the link for a malicious one. The scheme is designed to get recipients to re-click the link and re-enter personal information.
  5. BEC Phishing. With Business Email Compromise phishing, the cybercriminal poses as a member of the C-suite and emails lower-level employees who have administrative rights, requesting specific and sensitive information.


Ransomware, which can be delivered through phishing, is a type of malware that prevents or limits users from accessing their system, often through endpoint devices. It works by either locking the screen or specific files until a ransom is paid. More sophisticated types of ransomware, known as crypto ransomware, encrypt certain file types on infected systems. Then, users are forced to pay up through online payment methods in order to receive a decryption key. Of course, even after payment is made, there is no guarantee that the cybercriminal will honor their end of the agreement and unlock files or provide the key. 

Unfortunately, ransomware attacks against law firms are on the rise. Law.com reported five Maze ransomware law firm attacks across three US states in 2020. More recently, the threat group behind REvil ransomware published an alleged sample of 756GB of client data exfiltrated from the New York City law firm Grubman Shire Meiselas & Sacks, asking an initial ransom of $21M before doubling it to $42M. It’s no wonder more and more law firm clients are requesting network security audits before hiring an attorney.

So what are the reasons behind the increase in ransomware? For one, it’s become more profitable as more companies opt to pay up to “make the problem go away.” In addition, quarantine conditions – resulting in more remote workers – made attacks easy to execute due to poor cloud security. Lastly, cybercriminals are now actually franchising their ransomware in what is known as ransomware-as-a-service (RaaS). In this model, the masterminds behind ransomware attacks provide other less-skilled attackers with the encryption tools, communications, ransom collection, etc., all for a percentage of the ransom collected. 

Read about other types of attacks, including DDoS attacks, Man in the Middle attacks, and vulnerability exploits in our blog 6 Cybersecurity Tool Every NYC Law Firm Should Have

How Can Your Law Firm Improve Endpoint Security

There are a number of practical and technical ways you can beef up your law firm’s endpoint security.

Hold Endpoint Security Awareness Training 

Many employees may not be aware of endpoint security risks. Educating them is a great first step to preventing data breaches. Train them on what to look for in phishing emails (e.g., misspellings, extreme sense of urgency, mismatched URLs and redirect, etc.). Be sure remote workers understand that they must only connect over secure servers and that passwords should not be written down. Be sure to make training a regular initiative, as over time and after a period with no incident, old (bad) habits tend to come back.

Create Feedback Loops

Feedback loops, particularly in large law firms, are very beneficial when it comes to preventing phishing and ransomware attacks. A feedback loop opens the lines of communication between employees. It makes employees feel comfortable notifying IT about potentially malicious emails, or asking a member of the C-Suite if they did in fact request a particular file before they send it. Not only does this help protect endpoint security, it makes others in the organization aware of attack attempts.

Deploy Phishing Simulations

One way to determine if employees are on their toes at all times is to send out the occasional simulated phishing email. These can be created to appear as if they’re coming from a client, another employee, and so on. The email should contain clues that it might be fraudulent (misspellings and such) as well as request that the recipient click on a link or an attachment. If an employee takes the bait, they should be informed that it was a simulation and then given endpoint protection instructional material to study up on.

Create Device Control Policies

Not every employee needs to have access to everything. Nor should all be allowed to access the network from just any device. Device control policies can be applied to specific users and computers or different groups or departments. Whitelists can also allow administrators to lift restrictions for particular individuals or devices as needed or for temporary access.

Use Managed Detection and Response Services

Managed Detection and Response (MDR) is the practice of outsourcing cybersecurity to industry experts who have the skills and experience necessary to protect data, assess risks, and work to minimize those risks; it is the go-to solution for many busy law firms. Converged Technology Group, recognized as a 2022 top IT solutions provider by CRN 500, offers comprehensive Managed Endpoint Protection services to secure all entry and endpoints of all of your staff’s devices. 

We work with our NYC and Long Island-based business partners to offer them the highest levels of Managed Endpoint Protection by proactively monitoring to detect and respond immediately to advanced security threats. We can also detect and combat intellectual property and threats to online business assets, both from without and within your organization. 

Concerned About Endpoint Security? Contact Converged Technology Group Today!

The team at Converged Technology Group has worked with many law firms, and we have the experience and expertise to identify threats and disarm them before they can damage yours. We offer numerous types of law firm endpoint security solutions including:

  • Network Access Control (NAC)
  • Data Loss Prevention
  • Insider Threat Protection
  • Data Classification
  • URL Filtering
  • Browser Isolation
  • Cloud Perimeter Security

For a confidential consultation to learn more about how Converged Technology Group’s Managed Endpoint Protection can benefit your firm, contact us today

Email Us

(631) 468-5770