Why the legal profession needs to up its cybersecurity game
.jpg/fit-in/700x9999/filters:no_upscale())
The consequences of a data breach are catastrophic. We all know this already.
Yet, research shows that 25% of law firms don’t encrypt their laptops, and half of those surveyed who said they’d been a victim of a cyber-attack noted that they had no restrictions on external access to data storage.
These stats are astounding.
The SRA recently released research revealing the top threats facing law firmss:
- Phishing and email modification frauds (50% of reports received by SRA).
- Whilst the top target is conveyancing (due to the large funds involved), criminals are broadening their attacks to other fields.
- Phishing attacks are becoming increasingly sophisticated, using voice imitation technology as part of attacks.
2. Ransomware – used to steal information and threaten to release it – can also lock firms out of their own systems.
-The loss of system access due to file encryption can seriously affect any firm, particularly fully remote workforces.
-The SRA is now receiving reports of cases of criminals accessing sensitive client information, and expects this to become the main type of ransomware attack.
3. An increase in attacks on third parties and providers, which then spread to solicitors' firms.
-An example of this includes compromises at an IT service provider and a barristers' chambers, both of which spread to multiple solicitors' firms.
So what’s the solution?
A cybersecurity plan
A robust cybersecurity plan is the very first step to securing your business from growing cyberthreats.
Your plan should outline the policies, controls and procedures in place to protect the business, as well as the response to a breach should one occur.
An ongoing commitment to training
The cyberthreat landscape is constantly changing and evolving. Continued training ensures that your team are equipped with best-practice knowledge to tackle the latest threats. This training should not be exclusive to technical teams, the entire business benefits from up-to-date knowledge of what to look out for and how to handle potential cyberthreats.
Accreditation
The rigorous processes in place to achieve accreditation not only ensure that you’re following best practice to protect your digital presence, the accreditations also showcase to the world that you take cybersecurity seriously.
The Law Society’s self-assessment checklist states for Lexcel 6.1:
“The department or the organisation must have an information management and security policy and should be accredited against Cyber Essentials.”
However you choose to protect your data, the fact remains that cybersecurity has to be a top priority for any and every business, particularly those handling sensitive, personal data.
Secarma is here to support with these needs, as well as both the policy drafting and Cyber Essentials accreditation process, give the team a call on 0161 513 0960 to find out how we can support your cybersecurity journey.