Don’t be an easy target
Cybercrime is hitting firms like yours
BUSINESS DEVELOPMENT MANAGER
The risk of cybercrime is a growing concern for the legal sector. Holding sensitive data and significant sums of client money, law firms are a tempting target for IT scammers and hijackers. The repercussions for those falling victim to these attacks can be significant, ranging from reputation damage to financial costs and legal liability.
Cybercrime is such a pressing issue that the Solicitors Regulatory Authority repeatedly highlights the dangers in its Risk Outlook reports for compliance officers. But what is the best way to counter the problem? How can you plan and invest effectively for a threat that could strike tomorrow but might not emerge for the next two years?
Countering the threat
When it comes to cybercrime, prevention is the best medicine. However much you invest in technology, it won’t be effective in isolation. Human behaviour is the weak point of any security strategy, so engaging staff plays a vital role. But how do you strike a balance between technology and training, and where do you start?
The cornerstone of an effective cyber defence strategy is a realistic and accurate baseline assessment of existing technical architecture, policies and procedures. This can be overlaid with information about cyber risks most relevant to the legal sector – such as Friday afternoon fraud. Together, these insights can inform decisions about how and when to invest in technologies, planning and training.
There is no magic shield to prevent cybercrime. But law firms can take proactive steps to reduce their vulnerability and minimise the negative impact if an attack occurs. An intelligent approach comprises four key elements:
- IT operations process improvements
- New security technologies to intercept threats
- Cyber incident response and business recovery/continuity plans
- User awareness
The fact is that cybercrime has become one of the big issues of our time. In the face of this, cyber defence strategies do need to become more sophisticated. However, simple measures – such as regularity and integrity of backings as well as service recovery time – should not be overlooked.
Cybersecurity is an ongoing journey. There is no room for complacency, even for firms that can afford to invest in state-of-the-art IT security technologies. For professional criminals, cybercrime represents a lucrative business. And like all professionals they hone their skills and continually innovate to help maximise their gains.
Falling victim to cybercrime can leave any law firm severely shaken. In 2017, make it a priority to understand your practice’s vulnerabilities and devise a proportionate response.