The cyber-smart solicitor
Andrew Lloyd explains what lawyers need to know to protect themselves online
As an industry which trades upon discretion and reputation, cyber-attacks resulting in the theft or ransom of data can have an irreparable impact on solicitors and their firms. Solicitors are privy to some of the most confidential data available, making them increasingly vulnerable as targets of hackers and cyber-criminals.
Loss or theft of this data can have serious consequences for relations with clients. It not only diminishes the trust between solicitor and client but can lead to widespread reputational damage to both practitioner and firm. And there are also long-lasting practical implications. When a breach is suffered, many organisations are faced with no other option but to shut down all operations.
Cyber-crime is evolving to become increasingly sophisticated and tailored. However, some of the most effective ways to combat this ever growing threat thankfully remain incredibly simple.
Security from all angles
You may have the most impenetrable firewalls or software in your office, but have you considered all elements of how you access data? If you choose to work remotely, for the sake of your client’s data and security, ensure you are using sophisticated anti-virus software and avoid browsing high-risk websites or opening suspect emails. A firm that goes to all lengths to protect its own cyber-security can be compromised within a second by an unwitting employee using a less secure home network or open hotspot.
Back up your data
As was seen with the global WannaCry attack, cyber-crime has evolved, taking on different guises and forms, meaning different protocols and protections need to be considered. Research from Symantec found that the number of ransomware variants more than tripled to 101 in 2016, showing this form of cyber-crime is certainly on the rise.
Ransomware, which blocks access to victims’ data until a ransom paid, is more efficient for criminals than simply stealing data and finding buyers on the black market. Ensuring you back up your data daily and to at least one system that’s not directly connected to the main system can help mitigate the consequences of a ransomware attack as you’ll be able to retrieve your data without having to pay a ransom to criminals. Indeed, there is no guarantee that if you do pay the ransom your data will be retrievable.
Keep software updated
Cyber-attacks can exploit the simplest oversights. As was the case in the NHS attack, many criminals rely on common mistakes such as failing to regularly update software or browsers.
Updating browsers can seem like a lengthy and costly task, especially when you have programmes that are tailored to run on old systems, but updating software brings more than just improved speed and new features. Updates also bring with them essential bug fixes to protect against scams and viruses, fixing any faults in your previous system that may leave you vulnerable.
Accept you’re a target
A study by PwC found that attacks on law firms had increased by 60 per cent within the past two years. While the NHS breach was headline news, in reality cyber-hacks are the mundane everyday, with the UK government reporting 65 per cent of large companies have been attacked in the past year. Solicitors need to wake up to both the fact that cyber-crime is now widespread, and that they are one of the key targets.
Make it your firm’s priority
Cyber-security needs to be top of a board’s agenda, not just be the concern of IT departments. Establishing best practice company-wide needs to come from the top down and include external consultancy if wider knowledge is needed.
Employees are also a vital line of defence. Criminals often rely on employees as their entry point into systems through phishing emails or scams. Yet research by insurance broker Lockton has found 27 per cent of UK businesses are not training their staff on how to prevent or respond in the event of a breach. Turn your employees into an asset in the fight against cyber-crime by providing them with regular training on how to both prevent and mitigate the damage of cyber-attacks.
As keepers of some of the most confidential data around solicitors need to realise that they are among the greatest targets for cyber-criminals. If you haven’t started to take proactive action to combat cyber-criminals then you need to do so now, before they take action against you.
Andrew Lloyd is managing director at Search Acumen