Cybersecurity for law firms

Cybersecurity for law firms

Cybersecurity is a critical issue for businesses including law firms. In the latest 老司机午夜福利 report, , mid-level law firms identified that cybersecurity was the third most urgent challenge they are facing.

Those who hold business sensitive data should take their cybersecurity seriously. New data protection requirements from 25 May 2018 when GDPR comes into force will compel an increased compliance; as all law firms hold significant amounts of personal data, robust plans to protect client data and by extension the firm鈥檚 reputation, should be in place, no matter the size of the firm.

Cybersecurity is an issue which is not going away. In 2015, of law firms reported a cyber-attack in 2015. By 2017, the figure had increased to the having reported suffering a security incident in the past 12 months, with the report going on to note that 12% of firms claim to be recipients of such attacks on a daily basis with a further 30% identifying attacks on either a weekly or monthly basis.

But how can smaller and mid-size firms keep up and keep client and firm data secure?

In an ideal world, all law firms need some form of internal technology expertise, 鈥渢o plan, guide, structure and deploy the relevant technology in a proactive, rather than reactive way鈥 says Neil Prevett, Technology Director at regional mid-size firm Gardner Leader. Neil joined in 2010 as IT Director, the sole internal IT resource, and has now built out internal expertise to a team of four.

Why is cybersecurity so important and why should firms be concerned?

鈥淭he need to focus on Cybersecurity is as important as the need to focus on their accounts system. It forms part of the big picture when it comes to providing excellent service and peace of mind to our clients. The risk of cybersecurity cannot be ignored and will not go away, so law firms need to take action to ensure they protect themselves and their clients as much as possible鈥, Neil told us.

鈥淐riminals & fraudsters鈥 methods are getting more sophisticated and complex and so are the solutions to combat them. It is critical that we try to stay a number of steps ahead 鈥 not only to protect us, but also our clients鈥 data.鈥

Cybersecurity is just one of a number of new threats/concerns to a law firm, as well as the complex issue of moving technology forward in a firm to the benefit of staff and clients alike. Neil鈥檚 belief in robust systems and plans comes from the fundamental relationship between law firms and their clients: 鈥淲e believe clients 鈥榓ssume鈥 that law firms will do all they can to protect their data and we take the responsibility of this 鈥榓ssumption鈥 very seriously.鈥

Retaining a commercial advantage

鈥淭he commercial advantage is probably the avoidance of bad publicity due to a breach鈥, Neil Prevett told us. 鈥淟ike most technology projects, most work is done behind the scenes and is unseen by staff and clients. Our main role is to ensure a solid, reliable and secure system that is fit for purpose and delivers what is required.鈥

A data breach can take many forms but whatever the outcome even the fact that one has occured can be enough to create bad publicity and for the firm to have to publicly acknowledge the situation.

In June 2017, a global cyber-attack against DLA Piper caused both operational upset and forced the firm to issue a statement acknowledging that there was 鈥渘o evidence that client data was taken or that there was a breach of confidentiality of that data. To our knowledge no interest of any client has been prejudiced as a result of this incident.鈥

In December 2017, in which 16,000 email contacts were sent when the firm was hacked. Emails were sent under the subject line 鈥楢ction Required 鈥 Matter for Attention鈥 and asking recipients to open an 鈥榰rgent鈥 attachment. The firm released a statement apologising for the inconvenience to clients and warning them not to open the attachment but the longer lasting issue to the firm is that articles still linger recording the breach.

Addressing Cybersecurity and priorities

鈥淢y 鈥榯ip鈥 for any law firm that wants to move their IT systems forward is to ensure that they have a technology leader in the organisation that has law firm experience and knows how to manage and deliver such critical services.鈥

Neil was clear that internal resource and budget was crucial: 鈥淲e have specialist managers in the areas of IT, HR, Marketing, Finance and so on, rather than these functions being an additional burden to the solicitors or Partners. Outsourcing can often 鈥榓ppear鈥 to be good value on paper, but unless you have people that can really understand and react quickly to the lawyer鈥檚 needs, the benefit is lost. There is no way we could provide the speed, accuracy, efficiency and response to queries raised if we outsourced.鈥

Other tips include:

  • Understand the risks and keep a constant review of security systems and procedures to ensure that the best/most relevant protection that resources will allow are in place and up to date.
  • Keep in touch with new technologies, threats and security by holding regular meetings with suppliers, attending other forums and exhibitions to keep abreast of what is happening and available in the marketplace.
  • Encrypt data and ensure all employees regularly change passwords and do not leave workstations unattended without locking devices.
  • Deliver internal training to make sure the risk of a breach internally is reduced: Neil told us that 鈥測ou can never provide too much training 鈥 the problem is getting lawyers away from their desk long enough to take part in the training. However, we try to provide ongoing workshops on a regular basis and these are proving useful and of benefit when trying to introduce new functionality. We also use our internal systems to spread knowledge/awareness of issues such as cybersecurity and the need to be vigilant, as well as online training with regards to compliance training on Solicitors Account Rules and Money Laundering and so on鈥.
  • Be aware of the new GDPR regulations and the issues surrounding client personal data. Compliance is therefore critical and cybersecurity forms part of that strategy.

Further guidance

For futher insights into the state of tech investment and challenges, read our latest report: For more guidance and support on compliance, find out out LexisPSL Practice Compliance .

Neil Prevett is Technology Director at Gardner Leader LLP. His experience includes 4 years with a major legal software supplier, and 8 years with a top 150 law firm before joining Gardner Leader in 2010. He was awarded Regional IT Director of the Year at the Legal Technology Awards in 2009.

 


Related Articles:
Latest Articles: