Legal IT audit reveals significant flaws in law firm security

5 Feb 2024News

A simple omission by legal IT Staff has led to over half of SRA registered law firms in the UK vulnerable to scams

Self Studio London's cybersecurity audit exposes a concerning 56% vulnerability among SRA registered law firms, lacking DMARC protection against email spoofing. In a cybersecurity audit, Self Studio London has uncovered a significant vulnerability within SRA (Solicitors Regulation Authority) registered law firms in the UK. The study, conducted in early 2024, reveals a startling statistic: 56% of these firms are susceptible to 'email spoofing,' a deceptive tactic allowing attackers to impersonate legitimate email senders.

The comprehensive analysis targeted 3,964 law firms listed on the SRA register with operational websites. The results are alarming, with 2,225 of these firms lacking DMARC (Domain-based Message Authentication, Reporting, and Conformance) records – a critical defence mechanism against email spoofing. DMARC records play a pivotal role in verifying the authenticity of emails sent from a domain, preventing attackers from forging email identities.

Email spoofing poses severe security risks, enabling attackers to manipulate the sender's address in an email, often masquerading as a trusted source. This tactic can lead to phishing attacks, where recipients are deceived into divulging sensitive information, or the distribution of malware through seemingly legitimate emails.

The gravity of Self Studio London's findings is amplified by the nature of information handled by law firms, emphasizing the urgent need for robust cybersecurity practices. The absence of DMARC records exposes law firms to successful email spoofing attacks, jeopardizing not only their security but also the confidentiality of their clients, who are frequently involved in sensitive legal matters.

This vulnerability underscores a critical oversight in the cybersecurity practices of UK law firms, prompting a call to action for the legal industry. Self Studio's audit serves as a stark reminder for firms to prioritize email security and implement essential measures, such as DMARC, to mitigate the risks associated with email-based threats.

Self Studio London strongly recommends that all law firms conduct a thorough review of their email security protocols and swiftly adopt DMARC records. This proactive approach will not only shield firms and their clients from potential fraud and data breaches but will also enhance the overall trust and reliability of communications within the legal sector.

If you have any doubts about your setup, contact Self Sudio

Photoby Robert Kloosterhuis - https://www.flickr.com/photos/jemimus/66531212/ (original size version), CC BY-SA 2.0, https://commons.wikimedia.org/w/index.php?curid=818348

Legal News desk contact: editorial@solicitorsjournal.com

Latest Articles

Supreme Court ruling on fraudulent trading liability

UK Supreme Court clarifies liability of third parties in MTIC fraud and limitation rules for dissolved companies.

Forty years on, surrogacy law is still playing catch-up

Despite international growth in surrogacy, UK law remains reactive, outdated and ill-equipped for today’s challenges

Law firm reports significant caseload rise

A surge in immigration-related legal advice reflects new UK policies tightening regulations affecting businesses and individuals

Tudor v Tecuci District Court: Article 8 extradition appeal analysis

High Court upholds Romanian extradition despite private life arguments

Costs Lawyers seek recognition and support

The Association of Costs Lawyers aims to elevate its members' status and engage the younger workforce

Gig economy drivers challenge their status

Former eCourier drivers have launched a legal claim to secure workers' rights against misclassification

When is an environmental case not an Aarhus claim?

Court of Appeal narrows Aarhus costs protection, requiring direct breach of environmental law, not incidental impacts.

Commonhold’s fragile foundations: risk and reality

Commonhold promises fairness and simplicity, but unresolved enforcement and financial risks threaten its stability and long-term value

How the amended English Arbitration Act puts London at the centre of global arbitration reform

The Arbitration Act 2025 introduces reforms enhancing efficiency, certainty, and London’s global leadership in international arbitration

Support needed for UK retailers now

Clarke Willmott LLP calls for intervention in the autumn statement to avert worsening conditions in retail

Court of Appeal clarifies GDPR compensation thresholds in Farley v Equiniti

Court of Appeal establishes new precedent on data breach compensation claims.

Crest Nicholson v Secretary of State: Water neutrality upheld in planning decision

High Court affirms water neutrality condition for housing development near ecologically sensitive sites.

O Argence-Lafon v Ark Syndicate Management: EAT whistleblowing judgement analysis

Employment Appeal Tribunal clarifies protected disclosure requirements in insurance sector whistleblowing case

Sky UK Limited v Ofcom: Electronic communications services classification under regulatory scrutiny

Court of Appeal clarifies electronic communications service definitions in telecommunications regulation framework.

SRA addresses issues in law firms' high-volume claims

The SRA's review reveals significant failures by law firms in their duty to clients in high-volume claims

SJ Interview: James Palmer CBE

James Palmer CBE, Partner of Herbert Smith Freehills Kramer, has long been recognised as one of the UK’s most influential corporate lawyers and policy voices. Awarded a CBE in 2025 for his services to business and law, he has combined a high-profile career in M&A with decades of work on legal reform. In this interview, he discusses the challenges of legislative inflation and corporate advice, access to justice, and the future role of technology.

The SQE is failing its own test

Five years on, the SQE is underperforming, and targeted reforms could close persistent gaps.