It’s Who You Know: Verifying Identity at Law Firms

It’s Who You Know: Verifying Identity at Law Firms


Trusting identity is foundational to a law firm’s work. In a law office, the documents going back and forth contain sensitive information; contracts, negotiations, or transactions can’t be shared with the wrong parties. Therefore, the industry needs to be especially cautious about validating identities.

Legal service providers need to achieve compliance while protecting clients and their assets. Additionally, techniques are changing as lawyers move from in-person conferences to digital document exchange.

Let’s examine four digital-age areas in which lawyers need to validate identity:

#1 Phishing Scams

Phishing is always a risk, no matter the industry. Although, paralegals, associates, and lawyers are especially at risk as attached documents are constantly being sent back-and-forth.

For example, a cybercriminal might steal money by copying a vendor’s invoices. Everything on the invoice looks the same, except the payment details won’t match your client’s. Another example is an “urgent” message containing a link that goes to a seemingly credible website. It might look like a bank or government site, but one character in the URL is different. Those who don’t notice the difference will end up handing over sensitive account details directly to the bad guy.

Verification Tip: Firm-wide filters can check for malicious attachments before they reach people. Educate employees about always verifying the URL before clicking on a link. Hovering over the highlighted text will show the address where a click will take the user.

Click here to further learn how to recognize a Phishing scam and protect your firm.

#2 Business Communication Email Scams

Business communication email scams often target law firms. In one example, Jared Kushner’s lawyer exchanged emails with someone imitating the ex-White House aide. Emails from kushner.jared@mail.com prompted the lawyer to share newsworthy information.

Verification Tip: At the beginning of an engagement, verify the client’s private, secure email address. Before responding to an email, always confirm that the sender’s email address is the same as you have on file.

#3 Outgoing Email

Email automation can lead to problems. Say an associate allows Outlook to auto-populate the recipient’s email address from the address book. If they’re too busy typing a quick note, they don’t confirm that they’re sending it to the right person. But Smith, John is a divorce attorney and Smithson, John is a client at a dental firm. They should not be getting each other’s filings!

For example, Wall Street Journal reported that law firm Wilmer, Cutler, Pickering, Hale, and Dorr sent files detailing a history of whistleblower claims at PepsiCo to the wrong person. So much for client privilege.

Verification Tip: Check and double-check your email address list. Set up your firm’s email program to disallow any auto-populating of email addresses.

#4 Multi-Factor Authentication

Another area where you want to verify identity is when staff access your systems and software. Simply relying on username and password credentials isn’t strict enough. Humans make mistakes. Unfortunately, your people may not pick complicated passwords or regularly change their access credentials. Data breaches can put professional accounts at risk when people reuse passwords. Multi-factor authentication can reduce this risk and ensure the correct people are accessing your accounts.

Verification tip: Adding multi-factor authentication makes it extremely difficult for a cybercriminal to do their job. Even two-factor authentication adds an important level of security. Having the access credentials alone isn’t enough. A hacker would also need to get their hands on the personal device where the authentication code is sent.

Need help establishing robust digital practices to confirm client and employee identities? Our IT experts can review risks and suggest simple, affordable solutions. Improve your identity experience with a Managed Service Provider.

Click here to learn more about how an MSP can benefit your law firm.

STG IT Consulting Group would love to show you all we can offer as your Managed Service Provider.
Click here to schedule a free 15-minute meeting with Stan Kats, Client Engagement Specialist and Senior Technologist.

We proudly serve Greater Los Angeles and surrounding areas for all of your IT needs. We look forward to meeting with you!

STG IT Consulting Group's Logo

Related Articles:

Why Law Firms Need Managed Services

Pivoting to the Practice of Virtual Law

Why Lawyers Need Workflow Automation