Sector Focus: Legal
Client confidentiality is of paramount importance to the legal sector. However, an FOI request earlier this year revealed that nearly 200 UK law firms were investigated by the Information Commissioner's Office (ICO) in 2014 for possible data breaches.
Partnerships are particularly vulnerable to cyber attacks as they have a high proportion of senior staff members who may be reluctant to follow corporate security procedures.
Aside from any reputational and financial loss, the ICO has stated that solicitors are usually considered data controllers in their own right, and as such are legally responsible for the information they process.
A serious breach of the Data Protection Act could see a firm fined up to £500,000.
The Solicitors Regulation Authority (SRA) highlighted cyber security concerns in this year’s Risk Outlook Spring Update:
“Law firm client accounts are being targeted and solicitors and their clients are suffering disruption and potential loss,” said Paul Philip, SRA chief executive. “It is essential that firms understand the risks and take precautions to avoid falling victim to these attacks.”
Government Communications Headquarters (GCHQ) estimates that 80 percent of cyber attacks could be prevented if businesses follow simple guidance. It points to basic measures, such as educating employees to avoid guessable passwords, not opening attachments in unsolicited emails and not using personal email to send and receive work-related documents.
PwC has warned that many law firms believe themselves to be “too small or obscure to warrant the attention of professional hackers”. However, they note that “there is no question that law firms are among the companies being targeted by cyber criminals”.
Cyber criminals are using increasingly sophisticated methods to target uninformed IT users with phishing, spear phishing and social engineering attacks to dupe the recipients into opening a malicious link or attachment.
It is imperative that law firms ensure their IT users are security aware and vigilant against evolving cyber attacks.
The PwC Annual Law Firms Survey 2017 reported that:
“Risk management, and particularly information security, has been thrust into the limelight in the past six months with an increasing number of incidents of loss and two global ransomware attacks which affected a broad range of organisations, including law firms. Over 60% of all law firms reported suffering some form of security incident during the last year.”
One recent phishing email claims to be sent from the Land Registry with an attached requisition; however, the attachment may contain malicious software which, if opened, could compromise your network. There have also been virus-infected emails purporting to come from the Solicitors Regulation Authority!
Security Awareness Training delivered at the desktop and combined with simulated cyber attacks is being used by firms to build a human firewall of empowered IT users.
Contact us to find out more – call 01256 379970 or email [email protected]