Here’s a list of law firms, and with them the results of some basic security scans I ran on their websites in February. It turns out that most law firms do not bother to secure their email. Anyone can impersonate them.
I wrote a little script to email each of them. I sent 200 as a test. No-one replied.
Maybe lawyers are too busy. Maybe my emails do not come across as credible.
What I do know is that if I go to a journalist with this, they may write a scare story, which will in turn prompt the lawyers to push some other item off their agenda, to patch this up.
Some IT firms that were careless in not setting this up to begin with will be able to make some money by charging to set up the missing security, and maybe upsell a cybersecurity audit.
All I can tell is that this activity brings me little benefit, as any benefit would go to the IT firms who already have contracts in place with the firms.
Maybe members of the public would ultimately benefit.
One person did actually reply to me. It is an IT firm that has an existing contract, wanting me to do some unpaid exploratory work for them.
This is not unique to solicitors. The same applies to accountants, British schools, consultants and some private medical practices.