With cyber-security being a key issue for businesses in 2016 and the risk of attack showing no sign of decline for 2017, there is no doubt it should be at the top of the agenda for those managing and working in a legal practice, particularly bearing in mind the industry’s uniqueness in managing transactional data in a variety of systems, such as PMS and CRMs, for corporate and private clients.
Recent statistics* state that cyber attacks on law firms in the UK have increased by nearly 20% between 2014-15 and 2015-16, with 73% of the top 100 law firms being targeted by cyber attacks such as:
Viruses and malware, in particular ransomware and Trojan horses.
Email phishing attacks to try to gain access to client money.
Direct attempts to break into the firm’s network.
Internal threats with security incidents caused by staff.
This increase in cyber threats, coupled with challenges faced by the industry such as growing pressure from clients on fees, increasing salary costs and declining productivity, all of which are causing profit margins to fall, means these are challenging times for those running a legal practice. It also means a period of significant financial investment is needed to keep up with technological advancements.
There is much that can be done to prevent attacks, including using quality anti-virus and anti-malware software, email and internet filtering, and regular back-ups. Additional measures can be taken to protect your systems and data with password policies, document procedures, and staff training. Key areas to consider are:
Targeted attacks are not the only cause for concern; vulnerabilities in off-the-shelf products such as website CMS platforms, applications and plugins are being discovered and exploited by hackers. It is important that you manage updates on these systems in a timely manner to keep your data (and your clients) secure.
Organisations need to commit to consistently reviewing their practices and implementing new ones when appropriate. New staff, new systems and hardware, or new vulnerabilities are all reasons why planning and implementing reviews is essential. As your company constantly evolves, so do security threats and solutions.
Making sure you close security gaps and fix vulnerabilities in your systems (such as your version of Microsoft) as soon as they are known is essential to keeping your networks secure and your corporate and client information safe.
It is important that companies, regardless of their size, implement vulnerability assessments and penetration testing. This allows you to see any weaknesses and holes in your security and fix them before they are exploited.