Defensive positions: Cloud expert Martin Palmer on protecting your firm from cyber threats
Law firms make attractive targets for cybercriminals. There is a wealth of confidential and commercially sensitive information sitting on the company network and exchanged by email that makes firms vulnerable to attack. While most cyber attacks are opportunistic, such valuable data does increase the risk of a breach.
PwC’s latest annual law firm report highlights something startling. According to last year’s research, 73% of law firms in the UK suffered a security breach in 2016. Yes, this issue is a serious one.
Apart from the damage to your reputation (and your bottom line), there are wider regulatory issues to consider. I have to mention GDPR here as one of the most obvious, but it goes beyond that.
It’s also true that while the threat is growing and ever-present, it’s not all doom and gloom. There are ways to protect your business, your employees and your clients, and to mitigate the risk of an attack effectively.
The tricky part is knowing where to start. You know that you need a layered cybersecurity strategy and the supporting solutions in place – ones that look after your network, your applications and your staff. But with so many vendors and products on the market, it’s not always as simple as it needs to be – especially if you’re charged with keeping your own data safe as well as that of your clients.
As with any problem, it helps to understand the threat landscape and what you’re dealing with. You need to remember that no matter how good your strategy and solutions, no organisation is 100% immune. What this means is that your firm needs to be in a position where it can carry on operating during and after an attack. And this is where a business-continuity plan comes into play as part of your wider cybersecurity strategy.
Ideally, your business should adopt a risk-based approach. By knowing your business extremely well, understanding your attack surface, defences, and where the gaps lie, you can prioritise your risks around the three key areas of technology, people and processes.
It’s also not just about the here and now. Cyber attackers and their methods are evolving rapidly, driven by advances in technology. In the future, the bulk of threats is likely to come from mobile phones (attacks on smartphones will give hackers easy access to work information), AI, machine learning and the internet of things, which will transform the threat landscape even more. Daunting? Yes. But impossible to deal with? Not at all. While you may not have the right skills in-house to deal with it all, there are various solutions on the market that can help, as well as experienced security providers that can add the resources and expertise you need.
It’s a lot to manage but it’s critical for the health of your business. As long as you recognise the threat and the fact that your firm is a likely target, you can put the right plan in place for the risk to be mitigated, thereby helping you to protect yourself and your clients.