Written by Norman Clark
Published: 10 June 2020
Hits: 1564
iStock image licensed to Walker Clark LLC

The rapid development of the Dark Web and the adoption of new operational modes in the legal services industry, such as working at home, pose substantial new threats to many law firms that might have previously assumed, correctly or not, that they were "immune" from hacking and ransomware.

There are several basic steps that any law firm, or any size and anywhere, can take to reduce the risks.

I attended a great one-hour webinar today produced by IconicIT, an IT security firm that specializes in small and mid-sized businesses, including law firms. We recommend IconicIT because of their experience and insights into the special issues facing small and mid-sized law firms.

The information they delivered was so timely and so important that I went immediately to our blog to write this posting.

Here are some of the main points:

There were seven very interesting points about how to avoid being compromised by e-mail. We recommend that every law firm include these in the standard operating procedures for everyone in the firm, whether they work at home, at the office, or somewhere else:

  1. Watch for overly generic content and greetings, like "Dear valued customer" or "Dear Sir/Madam"
  2. Examine the sender's entire e-mail address. The first part of the e-mail address might appear legitimate, but the last part might be off by a letter or might include a number in addition to the usual domain name (for example: instead of This email address is being protected from spambots. You need JavaScript enabled to view it.
  3. Look for urgency or demanding actions, such as "We have your browser history. Pay now or we tell your boss."
  4. Carefully check all links. Move the cursor over the link and see if the destination matches where the e-mail suggests that you will be directed.
  5. Notice misspellings, incorrect grammar, and odd phrasing. This might be an attempt to bypass spam filters.
  6. Check for secure websites. Any webpage where you enter personal information should have a URL with https:// . The s stands for secure.
  7. Don't click on attachments right away. Make sure that your e-mail software or security software has scanned them first.

For more information, we recommend that you go to the IconicIT website or contact us here at Walker Clark LLC.

Norman Clark