Law firms hold reams of sensitive data and must therefore put safeguards in place to protect information from unauthorised access and processing. The term cyber-attack is broad and encompasses all deliberate attempts to exploit a computer system or network. This can result in data being compromised, which facilitates cybercrimes like information and identity theft. Following the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018, law firms are expected to do more than ever to protect the data they hold. To give you an idea of the magnitude of cyber breaches: in 2015, 62% of law firms reported a security incident. So if your approach is gambling on the chance that you won't be targeted, sadly the odds aren't in your favour.
Who Is Behind Cyber Attacks?
In cyber security breaches, individuals and organisations can gain illegal access to sensitive data. Information is an incredibly powerful tool and its misuse should not be underestimated. Some groups of people who often try to compromise law firm cyber security are:
- International governments
- Organised criminals
- Terrorist organisations
- Disgruntled employees
The Nature of Attacks
Cyber-attacks can come in many different forms so it is important to stay vigilant. Staff training will help employees spot when things start to go wrong. Some of the common types of attack are outlined below.
- Phishing emails are sent by hackers attempting to trick you into divulging your personal data, often bank details and passwords. The best way to protect against phishing scams is to thoroughly train your staff in how to identify these scams and what to do to overcome them.
- Malware is software designed to disrupt, damage or access a computer. If hackers get hold of your customers' and/or employees' email addresses, they can send them emails (often from accounts mimicking your firm's email domains) with links to this malware. Criminals then gain access to any computers on which the attachments are opened. The prestigious London law firm Anthony Gold became the victim of cyber-crime in December 2017. Hackers gained access to a legitimate email account and sent out 16,000 emails with a seemingly important attachment. Those who fell into the hackers' trap and opened the attachment were subsequently infected with malware.
- Ransomware is malicious software that blocks companies' access to their files (e.g. by encrypting them) until a sum of money is paid to the cyber criminals. The cyber criminals behind ransomware are indiscriminate regarding who they attack; they simply identify systems that are poorly patched and vulnerable.
- Disgruntled employees occasionally leak data to publicly disgrace the firm.
Why Should Cyber Security Be Important To Our Firm?
Poor cyber security enables cyber criminals to infiltrate and damage your systems and networks. This exploitation often results in a data breach. As breaches are gaining publicity, it is becoming routine to see a new household name brandished across headlines each day, its reputation being irreversibly tarnished. In order to retain a commercial advantage, it is important your firm's name is not littered with bad publicity. As well as the devastating reputational blow, breaches can result in firms being fined up to €20 million or 4% of their annual turnover, whichever is greater, by the Information Commissioner's Office (ICO). Good cyber security training and generation of a security culture will help to protect you, your firm and your customers against the crippling effects of cyber-crime.