This Div is a JS Trigger
Issue 73 | January 2022


This newsletter includes information to help lawyers reduce the likelihood of being sued for malpractice. The material presented is not intended to establish, report, or create the standard of care for lawyers. The articles do not represent a complete analysis of the topics presented, and readers should conduct their own appropriate legal research.
The Best Offense: Protecting Against Cyber Vulnerabilities

The vast majority of law firms in this province are small businesses.

A recent study by CyberCatch, a cyber security company (see CyberCatch Q4 2021 Small and Medium Sized Businesses Vulnerabilities Report), sampled about 2,000 small businesses in Canada and 20,000 in the U.S. across 10 business segments for website vulnerabilities. The top three cyber vulnerabilities were: (i) spoofing (defined in the report as weaknesses that allow a website to accept invalid data with the result that the server produces client lists and passwords); (ii) clickjacking (defined as weaknesses that allow an attacker to hijack a web page to trick users and steal user credentials or account secrets for easy intrusion to install malware or ransomware); and (iii) sniffing (defined as weaknesses that do not force encryption and allow transmission of sensitive data in cleartext that an attacker can discover and steal and use to make intrusion or move laterally once inside with ease to eventually access data or infect ransomware).

Interesting for this study is that one of the 10 business segments was law firms. The results from the Canadian law firm sample are that 85.5% of their websites had spoofing vulnerabilities, 81% had clickjacking vulnerabilities and 40% had sniffing vulnerabilities. By comparison, for the U.S. law firm sample, similar vulnerabilities were found in 29.9%, 25.8% and 10.2% respectively of law firms. In other words, law firms in Canada were three times more likely than a firm in the U.S. to have these vulnerabilities. This increased level of vulnerability in Canada was higher as compared to the U.S. across all ten business segments.

The conclusion is that small businesses should scan their websites, software and web applications that face the internet to determine if there any vulnerabilities and if so, fix them.