Cyber basics for lawyers

The Society has published a new guide for solicitors to help them reduce the risk of cyberattacks.

The Guide to Cybersecurity sets out key risk areas, the potential impact and consequences of a cybersecurity breach and what solicitors can do to help significantly reduce the likelihood of a successful attack on a their business.

Cybersecurity risks for law firms include:

• IT systems – IT system security can be compromised in many ways, for example if updates are not regularly installed, systems can quickly become vulnerable to attack.
• Physical security – cybercriminals can use information leaked either over the phone or in hard copy to access IT systems.
• Staff – without proper training, staff unaware of risks are a big threat as they can disclose data or make unauthorised transactions in response to a seemingly plausible request.

The guide also highlights the need for a well-thought-out response and disaster recovery plan in the event of a successful cyberattack.

Helena Brown, vice convener of the Society’s Technology Law & Practice Committee, and data protection and intellectual property partner at Addleshaw Goddard, said: “Cybercrime poses one of the most important challenges to business, with increasing numbers affected by frauds and scams.

“Many of the threats to legal firms are no different to other businesses, but in the legal world, where keeping client information confidential and client funds secure is paramount, the consequences of not having a robust cybersecurity plan in place can be extremely severe, not only in terms of potential data or financial losses but also to the reputation of the firm.

“While there is no shortage of information on cybercrime and cybersecurity in general, we wanted to have a look at the issues from the perspective of solicitors and legal practices. The Society’s guide has been designed to help solicitors and their staff team understand and defend against cyber threats. It provides simple tips that could help safeguard information and protect against reputational damage.”

A copy of the new guide, which has been sponsored by IT consultancy Quorum and cybersecurity company Sapphire, will be sent to all law firms and can also be read online on the Society’s website.

James Frost, managing director of Quorum, observed: “With the increasingly hostile threat landscape, cybersecurity is now one of the top priorities for all law firms to ensure their data, finances, and ultimately their reputation are protected. Quorum believes it is important that firms are armed with as many tools as possible to defend themselves and that’s why we chose to support the Law Society’s new guidance.”

Sapphire CEO Annabel Berry added: “We wholly support the new cybersecurity guidance. Having specialised in cybersecurity for 21 years, we fully endorse the pragmatic advice which the guide offers and the practical steps recommended for every law firm to take to ensure their data, assets and users are as secure as possible.”