Social engineering is the clever manipulation of the natural human tendency to trust. The most common (but by no means only) form of social-engineering attacks are phishing attacks. Phishing attacks are emails attempting to entice the receiver into (1) clicking a link or opening an attachment in the email that leads to malicious software, or (2) providing financial or personal information to the sender.
With the rise of phishing and other social-engineering attacks, building technical defenses around your law firm’s network—or allowing IT to do this if you’re at a larger firm—is simply not enough. During my time as the information technology director for a law firm, I’ve found that you must also secure the human.