Law firms have spent years building sophisticated digital defences, but a growing threat is bypassing technology entirely by targeting people face to face.
Firewalls, multifactor authentication, endpoint detection, email security, and employee awareness training have become standard components of modern cybersecurity programmes across the legal sector.
The underlying assumption behind these investments has always been that attackers would attempt to breach a firm’s systems through its technology infrastructure.
Increasingly, however, cybercriminals are succeeding by exploiting something far simpler and far harder to patch: basic human trust.
Recent reporting from Google, Mandiant, and the FBI describes an extortion group that has moved well beyond traditional phishing emails and telephone scams.
When victims refuse to cooperate with fake IT support calls, members of this group have reportedly appeared in person at offices, posing as technicians and attempting to gain physical access to computers via USB devices.
According to Google’s investigation, attackers sometimes moved from initial contact to data theft in less than an hour, with extortion demands following shortly thereafter.
That timeline leaves organisations with very little opportunity to recognise what is happening before sensitive information has already been compromised.
Staff training focused on suspicious emails has paid dividends over the years, making traditional phishing campaigns less effective than they once were, which is precisely why attackers are adapting their methods.
Today’s scams increasingly begin with a convincing phone call, a request for remote support, or a visitor at the reception desk claiming to represent the firm’s IT provider.
Criminals understand that people are often more willing to trust a friendly voice or a professional-looking visitor than an anonymous email arriving in their inbox.
This evolution should prompt law firms to fundamentally rethink how they define cybersecurity, because a visitor requesting access to a workstation may represent just as much risk as a malicious email.
Receptionists, legal assistants, attorneys, and office managers all contribute directly to the firm’s security posture, since they are frequently the first people an attacker will encounter.
Practical questions follow from this reality: would employees know how to verify that an IT technician was properly scheduled, or would anyone question a request to connect an unfamiliar USB device?
Does the firm require outside vendors to check in through a documented process before accessing systems or offices, and are those processes consistently enforced across all locations?
These may appear to be routine operational details, but they are increasingly central to a firm’s cybersecurity controls and overall resilience against sophisticated threat actors.
Michael C. Maschke, President and Chief Executive Officer of Sensei Enterprises, Inc., along with co-founders Sharon D. Nelson and John W. Simek, argue that the legal sector must close this gap urgently.
Law firms have made tremendous progress strengthening their technical cybersecurity defences over the past decade, but the next challenge is recognising that cybercriminals no longer treat the physical office and the digital network as separate environments.
The next significant cyber incident at a law firm may not begin with a malicious email or an exploited software vulnerability, but with someone walking calmly through the front door and introducing themselves as IT support.

