Cyber Security for Law Firms ….. 8 Top Tips to Keep your Firm Safe
When I am talking to law firms, one of the most frequent questions I get asked is how firms can manage the ever-increasing risks from cyber crime.
Protecting confidential client information is one of the most essential requirements for any legal business to ensure compliance with SRA Principle 10 and outcome 4.1. In addition, safeguarding confidential client information is pivotal for law firms to protect themselves from reputational damage, disruption to business operations and the potentially crippling fines that will be levied for security breaches once the GDPR comes into force next year. (If you missed my previous blog outlining what GDPR is all about for law firms you can read it here).
Law firms, unfortunately, are a natural target for cyber criminals, as they deal with so much confidential material, ranging from personal data and trade secrets to large financial transactions and the personal affairs of high-profile clients.
Indeed, a study published by Osterman Research Inc in August 2016 showed that 72% of UK-based organisations had suffered a security attack in the previous 12 months. The types of attack experienced are diverse, ranging from “phishing” attacks, where criminals attempt to obtain access to confidential information or passwords, through to “ransomware” attacks (as covered in my previous article), where criminals hold your data to ransom by encrypting it and demanding money for its decryption. The motivation behind these attacks varies from quick money-making scams, through identity theft, to much more sophisticated espionage.
As such, it is critical that cyber security is not treated as just an IT issue, and that there is ongoing Senior Partner-level involvement in establishing and maintaining an effective information risk management regime around cyber security.
Such a regime involves a multifaceted approach, which needs to include:
1. Identifying where your data is held.
This could include in-house servers; company- and employee-owned portable devices such as laptops, tablets and smartphones; data that has been copied to removable media such as USB sticks; data that has been shared with business partners and other third-party organisations; copies of data taken for backup purposes; and data that is stored in the cloud. Until you have identified where your data is, it is nigh on impossible to protect it adequately. Indeed, because it is so hard to control information that is dispersed over a wide range of devices and/or geographical locations, many firms are now choosing to pull all their information together into a central, UK-based repository, which makes it much easier to protect.
2. Identifying who has access to your systems, both within and outside the company.
What level of access does each system user have? How is this reviewed? What SOPs do you have for starters and leavers?
3. Regularly reviewing how your network is secured.
Nowadays, having a firewall and some anti-virus software is just the tip of the iceberg, and a much wider array of technologies is needed to provide full protection from today’s sophisticated threats.
4. Having in place strict and timely procedures for applying security software updates to your systems.
5. Putting in place safeguards, procedures and policies around mobile working.
6. Implementing procedures around physical security of your servers and IT equipment.
7. Implementing ongoing staff training around cyber security threats.
It is important to remember that your security is only ever as good as your weakest link on any given day. That could be the temporary administrative worker who unwittingly opens a seemingly legitimate attachment or website link which turns out to be something much more sinister.
8. Having contingency plans to fall back on should the worst happen.
These should include incident response plans, frequent backups and full disaster recovery plans.
It is also worth remembering that securing your law firm against cyber security threats is not a one-off task. With the constantly changing security threat landscape, it is critical that all risk management activities around cyber security are reviewed and updated on a continual basis.
If you would like to discuss ways in which Xara Computers can help you reduce your law firm’s risk from cyber security threats, please do not hesitate to contact me, or my colleague Andrew Banning, on 0208 732 5656 or email us at mk@xc360.co.uk or ab@xc360.co.uk, and we will be happy to help.