The legal sector is particularly vulnerable to cyber attacks: not only are senior staff members often reluctant to follow corporate security procedures, but they also hold data of a valuable and sensitive nature.
Moreover, aside from any reputational and financial loss, the ICO has stated that solicitors are usually considered data-controllers in their own right, and as such are legally responsible for the information they process.
A serious breach of the Data Protection Act could see a firm fined up to £500,000.
The Solicitors Regulation Authority (SRA) highlighted cyber security concerns in this year’s Risk Outlook Spring Update:
“Law firm client accounts are being targeted and solicitors and their clients are suffering disruption and potential loss,” said Paul Philip, SRA chief executive. “It is essential that firms understand the risks and take precautions to avoid falling victim to these attacks.”
Government Communications Headquarters (GCHQ) estimates that 80 percent of cyber attacks could be prevented if businesses followed simple guidance. It points to basic measures, such as educating employees to avoid guessable passwords, not opening attachments in unsolicited emails and not using personal email to send and receive work-related documents.
PwC has warned that many law firms believe themselves to be “too small or obscure to warrant the attention of professional hackers”. However, they note that “there is no question that law firms are among the companies being targeted by cyber criminals”.
Cyber criminals are using increasingly sophisticated methods to target uninformed IT users with phishing, spear phishing and social engineering attacks to dupe the recipients into opening a malicious link or attachment.
The PwC Annual Law Firms Survey 2015 reported that:
“Information security is an ever-increasing threat to the reputation and brand of a law firm. Over the last year, there have been a number of high profile cyber-attacks, and 62% of law firms reported that they had suffered from a security incident (up from 45% in 2014). The greatest vulnerability is through targeting the workforce, with the majority of all breaches in our experience being due to staff falling victim to phishing attacks (fake emails or websites).”
One recent phishing email claims to be sent from the Land Registry with an attached requisition; the attachment may contain malicious software which, if opened, could compromise your network. There have also been virus-infected emails purporting to come from the Solicitors Regulation Authority!
It is imperative that law firms ensure their IT users are security aware and vigilant against evolving cyber attacks.
Security Awareness Training delivered at the desktop, and combined with simulated cyber attacks, is being used by firms to build a human firewall of empowered IT users.