A significant number of malware attacks originate from within the organization. Beyond the social engineering trickery discussed above, there might be a disgruntled employee in the IT department who installs a backdoor in the network, either to use right away, or just in case they want it for the future. Employees can also be bribed or extorted to provide information so hackers can easily enter a system.
These kinds of attacks are an HR issue as much as anything. Still, any law firm must not only watch for external threats, but keep in mind that information can flow out from within. This suggests keeping information compartmentalized, available only on a need-to-know basis.
Optional Resources: For more detailed information on internal fraud and how to prevent it, watch Bite Size CPD – Recognizing and Preventing Internal Fraud [7:32 minutes]. You can also find more information in the Law Office Management Practice Resources on the Law Society website.