Firms in hacking firing line

SECURITY: investigators access set-ups at five top 20 law firms as cyber shortcomings exposed

Law firms are particularly vulnerable to computer crime, as they wrongly believe their systems to be secure and hand out passwords freely, leading figures warned last week.

At a round table discussion on the increasing threat of Internet fraud and hacking, experts voiced concern that the legal profession's passivity at embracing computer security could leave it open to abuse.

Paul Carratu, managing director of corporate investigation company Carratu International, said: 'Trying to educate the legal sector in computer security has always been something of a struggle, as while lawyers love gadgets, they can be slow in grasping and appreciating technology.'

He continued: 'Businesses today hold sensitive information on computers and one is attacked every 20 seconds in the UK, yet adequate security measures are rarely in place.

We recently did an audit of five top 20 law firms which said their systems were secure - and we managed to access every one.'

Detective Chief Superintendent Les Hynds, head of the national high-tech crime unit, said: 'Computer literacy is only going to improve among school leavers - who will become our next generation of computer criminals.'

Mr Carratu said that during recent research, his company had telephoned around solicitors in City law firms requesting their passwords, claiming to be from the IT department.

'In nearly all cases, we were given the information without any questions,' he said.

He added that on a recent visit to one of the audited firms to meet a partner, he accessed the practice's network from an Intranet terminal in the lobby.

'When the partner came down to meet us, we were able to talk in detail about the document he had just been working on,' he said.

'You should have seen the look on his face.'

Andrew Towler