Sales: 0208 732 5656

Cyber Security for Law Firms ….. 8 Top Tips to Keep your Firm Safe

Cyber Security for Law Firms ….. 8 Top Tips to Keep your Firm Safe

When I am talking to law firms, one of the most frequent questions I get asked is how firms can manage the ever increasing risks from cyber crime.

Protecting confidential client information is one of the most essential requirements for any legal business to ensure compliance with SRA Principle 10 and outcome 4.1. In addition, safeguarding confidential client information is pivotal for law firms to protect themselves from reputational damage, disruption to business operations and the potentially crippling fines that will be levied for security breaches once the GDPR comes into force next year. (If you missed my previous blog outlining what GDPR is all about for law firms you can read it here).

Law firms, unfortunately, are a natural target of cyber criminals, as they are dealing with so much confidential material, ranging from personal data, to trade secrets, to large financial transactions, through to the personal affairs of high profile clients.

Indeed a study published by Osterman Research Inc in August 2016 showed that 72% of UK based organisations had suffered a security attack in the previous 12 months. The types of attacks experienced are diverse, ranging from “phishing” attacks, where criminals attempt to obtain access to confidential information or passwords, through to “ransomware” attacks (as covered in my previous blog) where criminals hold your data to ransom by encrypting it and demanding money for its decryption. The motivation behind these attacks varies from quick money-making scams, through to identity theft and onwards to much more sophisticated espionage.

As such, it is critical that cyber security is not just treated as an IT issue, and that there is ongoing Senior Partner level involvement with establishing and maintaining an effective information risk management regime around cyber security.

Such policies will involve a multifaceted approach, which needs to include:- 

1. Identifying where your data is held.
This could include in-house servers, company and employee owned portable devices such as laptops, tablets and smartphones, data that has been copied to removable media such as USB sticks, data that has been shared with business partners and other third-party organisations, copies of data taken for backup purposes and data that is stored in the cloud. Until you have identified where your data is, it is nigh on impossible to protect it adequately. Indeed, because it is so hard to control information which is dispersed over a wide range of devices and/or geographical locations, many firms are choosing to now pull all their information together into a central, UK based repository which makes it much easier to protect.

2. Identifying who has access to your systems, both within and outside the company.
What level of access does each system user have? How is this reviewed? What SOPs do you have for starters and leavers?

3. Regularly reviewing how your network is secured.
Nowadays having a firewall and some anti-virus software is just the tip of the iceberg, and a much wider array of technologies is needed to provide full protection from today’s sophisticated threats.

4. Having in place strict and timely procedures for applying security software updates to your systems.

5. Putting in place safeguards, procedures and policies around mobile working.

6. Implementing procedures around physical security of your servers and IT equipment.

7. Implementing ongoing staff training around cyber security threats.
It is important to remember that your security is only ever as good as your weakest link on any given day. That could be the temporary administrative worker who unwittingly opens a seemingly legitimate attachment or website link which turns out to be something much more sinister.

8. Having contingency plans to fall back on should the worst happen.
These should include incident response plans, frequent backups and full disaster recovery plans.

It is also worth remembering that that securing your law firm against cyber security threats is not a one-off task, as with the constantly changing security threat landscape, it is critical that all risk management activities around cyber security are reviewed and updated on a continual basis.

If you would like to discuss ways in which Xara Computers can help you reduce your law firm’s risk from cyber security threats, please do not hesitate to contact myself, or my colleague Andrew Banning, on 0208 732 5656 or email us on mk@xc360.co.uk or ab@xc360.co.uk  when we will be happy to help.

Powered by WPeMatico

No Comments

Sorry, the comment form is closed at this time.