All sectors of the legal profession are dealing with an increasing risk of potential monetary loss, loss of billable hours and operational impact from cyber-attacks, which can target bank transfers, AML checks and other sensitive client data
According to the Solicitors Regulation Authority, attackers use a broad range of techniques, email modification, spyware, ransomware and gaining access to a firm’s systems.
Both client funds and client data present attractive targets for cyber criminals, with attacks designed to harvest and control a law firm’s data. Ransomware is potentially disastrous for a law practise. Firms who pay, still may not regain access to their data, the data may not be complete, or it may be corrupted. Whether payment is made or not, client data may still be auctioned on the dark web, which could be devastating for the firm and the client.
Firms who introduced measures to reduce cyber risks – including controls, processes & policies, were effective in 92% of reported attacks. For the majority, the cost of putting these controls in place was less than the estimated cost incurred from an attack.
Research conducted on behalf of the NCSC confirms that Law firms who certified with Cyber Essentials reduced their risk, with an increased ability to identify a cyber-attack, and respond & recover from a breach.
These firms were more likely to take effective steps to protect themselves from future cyber security incidents with good security policies and procedures in place, and better expectations and awareness.
Firms with good cyber security measures in place, spend less time and money in the aftermath of a breach, and in doing so provide clients with an increased level of protection.
Cyber Essentials covers the basic technical controls that will help prevent common attacks. Secure Internet connections; password security, secure configuration, access controls; malware protection and software updates are all fundamentals which are addressed during the certification process.
Prestige and reputation are paramount to good business; compromising client data isn’t just a breach of security, it’s a breach of trust which goes far beyond immediate financial costs.
Firms with certification are not free from risk, but they are more likely to recover. These firms may include your competitors who will incur less direct costs and be more likely to secure their reputation.