Sign Up for our Free Newsletter
menu
Solicitors Journal Homepage

Tackling the technology threat

Wed Jul 05 2017News
Tackling the technology threat

What are the main categories of risk facing law firms, and what can they do to minimise their vulnerability, asks Struan Todd

Use of technology and the importance of cyber security continue to be topics at the forefront of risk management discussion for law firms in the UK. While most law firms are aware of the key issues involved with ensuring their own systems are efficient and protected, changing legislative requirements and ever-evolving threats can be overwhelming.

There are a number of hazards that law firms must contend with in this space, but with a variety of methods that can be implemented, many firms are uncertain of what the best practice for their business is.

That being said, there are a number of ways to classify the range of technology-focused threats that a firm faces. We have aimed to split these into two main categories.

General IT threats

This classification refers to risks that accompany the use of technology and are unavoidable. Such exposures include: failure of hardware or software, malware, ransomware, viruses, phishing and spam, and human error. Many companies have fallen foul of these threats, with notable recent examples being British Airways’ global IT system failure, which caused substantial interruption to its services in late May, and the worldwide ransomware cryptoworm attack that affected more than 230,000 Microsoft Windows operating system computers in over 150 countries from 12 May.

Criminal IT threats

Denial of service attacks, hacking activities, password theft, fraud, and staff dishonesty are more commonly considered to be criminal IT threats. These are targeted assaults which are aimed at specific entities. Many law firms do not consider themselves to be worthy of targeting, but instances of M&A law firms in the US having been breached are abundant.

Furthermore, law firms are extremely vulnerable to fraud and staff dishonesty given the significant sums of money held in their accounts, the volume of transactions, and, in most cases, the variety of individuals and entities that they deal with.

Although these two sets of dangers are not exhaustive, and do not include aspects of risk such as natural disasters, these are the risks that law firms must be prepared to deal with. Without targeted pre-emptive and proactive planning, these threats are capable of causing loss of data and substantial financial cost.

As there are two main categories of threats, there are two distinguishable elements of minimising vulnerability: IT system security and the human component.

IT system security

There are a variety of tips that can be given to ensure that a firm’s IT systems are as secure as possible. These comprise:

  • Ensure all systems have the latest security updates and patches applied;

  • Confirm that data backups are recent and reliable;

  • Manage email content filters, network share permissions, and use of privileged accounts;

  • Block the use of USB drives and guarantee that any portable devices utilise encryption or password protection; and

  • Limit write access and clear any unnecessary applications to avoid ease of exploitation.

The human component

It is difficult to determine whether a staff member is likely to defraud a law firm. However, there are methods which can be implemented to minimise a firm’s exposure to the unanticipated actions of their staff. These include, but are not limited to:

  • Educate staff on what they should be aware of when opening emails or corresponding with clients, including recognition of social engineering attacks;

  • Monitor the activity of employees on work computer systems to prevent removal of files and to determine whether any untoward activity has taken place;

  • Maintain company policies and discuss these regularly with staff members;

  • Encourage employees to ‘whistleblow’ and notify the firm of any incident as soon as possible; and

  • Regularly test employees and invite them to share their views on best practice.

Cyber insurance

Inevitably, despite all efforts to avoid or overcome the threats posed by the use of technology, there will be issues. To assist law firms in these circumstances, members of the global insurance market have provided a variety of cyber insurance solutions, which can include offering the following in the event of a breach:

  • Forensic expenses, specialist legal expenses, and public relations expenses;

  • Notification and credit monitoring costs;

  • Network business interruption costs;

  • Cyber extortion or ransomware and data restoration expenses; and

  • Liabilities to staff and third parties, as well as regulatory defence, awards, fines, and penalties (where insurable by law).

 

Struan Todd is international PI and cyber account executive at Howden UK Group

@HowdenPii

www.howdengroup.co.uk

AdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisement
Latest News

The Chancery Lane Project expands to the USA

Thu Sep 21 2023

Delay in Final Report of the Infected Blood Inquiry

Thu Sep 21 2023

Attorney General presents UK intervention in Ukraine case against Russia at International Court of Justice

Thu Sep 21 2023

Firms losing potential clients by failing to return their calls, research shows

Thu Sep 21 2023

Powers of attorney modernised as legislation allows CILEX Lawyers to certify LPA copies for the first time

Thu Sep 21 2023

Stark contrast between Government response to Post Office Horizon victims and Infected Blood

Wed Sep 20 2023

ACSO comments on the Justice select Committee report:

Wed Sep 20 2023

Campaigners win permission to appeal against Sizewell C Nuclear Power Station ruling

Tue Sep 19 2023

Pre-inquest review into the deaths of Reading murder victims, James Furlong, Dr David Wails and Joseph Ritchie-Bennett

Mon Sep 18 2023
FeaturedAudit reform: if not now, when?
Audit reform: if not now, when?
FeatureFri Sep 22 2023
Audit reform: if not now, when?
Paul Brehony discusses the government's reported decision to omit audit reform from its legislative plans – and asks whether it's simply a fudge based on political expediency.
Browne Jacobson collaborates with LGiU on report highlighting “critical” role of local government to hit net zero
Browne Jacobson collaborates with LGiU on report highlighting “critical” role of local government to hit net zero
NewsFri Sep 22 2023
Browne Jacobson collaborates with LGiU on report highlighting “critical” role of local government to hit net zero
UK and Ireland law firm Browne Jacobson has again partnered with the Local Government Information Unit (LGiU) on their latest report Net Zero and Local Democracy
The battle for talent – promoting diversity
The battle for talent – promoting diversity
OpinionFri Sep 22 2023
The battle for talent – promoting diversity
Jody Tranter explores how championing non-law graduates and diversity of thought could help close the talent gap
BSB publishes new guidance on barristers’ conduct in non-professional life and on social mediaSJ interview: Adrian Chopin
SJ interview: Adrian Chopin
SJ InterviewFri Sep 22 2023
SJ interview: Adrian Chopin
Adrian Chopin is co-founder and managing director of litigation funder Bench Walk Advisors. He tells David Vascott about the firm's funding model and how it's staying ahead of its rivals.
Whose human rights are more important, yours or mine?
Whose human rights are more important, yours or mine?
ForewordFri Sep 08 2023
Whose human rights are more important, yours or mine?

Under the law, should your right to express your opinion – be it on politics, the environment, abortion, or anything else – trump my right to go about my business unhindered, whether or not I happen to agree with your opinion?