The National Cyber Security Centre (NCSC) has released a report aimed at helping law firms understand their risk of being targeted by cyber attackers. The 20-page report, entitled The Cyber Threat to UK Legal Sector, also provides practical advice on how firms, from sole practitioners all the way up to international corporate firms, can protect themselves.
The report was undertaken at the request of the legal sector, and it should come as no surprise that law firms want to gain a fuller understanding of the risks facing their businesses.
Drawing on research from the Law Society and PricewaterhouseCoopers (among others), the report states that ‘60% of law firms reported an information security incident in the last year’, which is up from 42% in 2014. Perhaps even more shocking, however, is the revelation that ‘The amount stolen from law firms through phishing in the first quarter of 2017 was 300% higher than the previous year.’
With such an alarming rise in the rate of attacks, the report strongly recommends that senior partners recognise the part they have to play when it comes to minimising risk.
‘Cyber security is all too often thought of as an IT issue, rather than the strategic risk management issue it actually is. If you don’t protect highly sensitive client information, your whole practice may be in jeopardy.’
Data breaches and reputational risk
Confidentiality is at the heart of the legal sector. When clients’ sensitive information is compromised, law firms face heavy financial penalties and risk damage to their reputation that may never be recovered. The report references the Mossack Fonseca case to illustrate the worst-case scenario, where a law firm had to close after 2.6 terabytes of data was stolen.
According to research, ‘eighteen law firms reported hacking attempts in the two years to March 2018’. Thankfully, however, there are steps that can be taken to reduce this risk. Getting the basics right, such as keeping software updated and training staff to be vigilant, is a good place to start.
The report links to two useful NCSC documents that can help: 10 Steps to Cyber Security and Cyber Security: Small Business Guide. Net Consulting has also published The Ultimate SME Cyber Security Checklist to guide organisations through the fundamentals.
As with all risk, however, it’s important to understand the full scope of the situation before taking any action. It’s hard to protect what you can’t see, and hard to prioritise when you don’t know what state your network is in. This is where Net Consulting’s BlueArmour solutions can help.
BlueArmour is Net Consulting’s own cyber risk assessment technology. It makes vast networks understandable and provides IT teams with a visual map to identify all possible threats and access paths to their organisation’s most valuable assets. It is particularly useful for law firms undergoing mergers, when a full overview of both networks is required.
For round-the-clock surveillance, we offer the BlueArmour Advanced Threat Detection (ATD) service. Our experts utilise artificial intelligence to rapidly identify behaviours that are indicative of attacks and notify IT teams as soon as a threat has been identified.
We’ve deployed both BlueArmour services to leading national law firms, and most recently to Capital Law LLP. Speaking of the service, Capital Law’s IT Director, Rupert Poole, said:
“What it really means for us is that we can get on with our day jobs while feeling confident that someone’s watching our back. We now know that we have full visibility of everything that’s going on over our network, and there aren’t many businesses that can say that.”
If you’re concerned about the cyber risks affecting your business and would like a little more advice from an industry-leading expert, we offer free consultations to help you make good decisions when securing your network. All advice is delivered independently and free from obligation. Get in touch today.