Law firms are wide open to phishing attacks, according to a new study by 250ok.
Of the top 100 law firms worldwide, 62% are failing to meet a minimum level of email authentication. Moreover, only 3% have a DMARC reject policy in place.
250ok argues that DMARC (Domain-based Message Authentication, Reporting and Conformance) is the “gold standard” in email authentication. A DMARC reject capability blocks malicious email from hitting the inbox and removes it to a spam folder.
“Law firms, like federal government agencies, process a high volume of sensitive information,” states Matthew Vernhout, director of privacy at 250ok.
He adds: “Since the US Department of Homeland Security issued a directive for all federal agencies to achieve a DMARC reject policy on all domains, we anticipate downward pressure on law firms to follow suit.”