The rise of the cybercrime threat for law firms since the Covid-19
posted by Legal futures Associate search feeds
The global coronavirus pandemic and the increase in the number of people working from home have unfortunately caused a growth in cybercrime. The UK government estimates the cost of cybercrime to be £ 27 billion a year.
The legal industry deals with sensitive data and important financial transactions, making it an attractive target for cybercriminals, who are constantly looking for new ways to exploit any possible situation.
In September 2020, the Solicitors Regulation Authority (SRA) released its review of companies with cybersecurity breaches and found the results “were often catastrophic.” On top of the stolen money, law firms incurred additional costs in the form of higher insurance premiums, lost time, and damaged client relationships.
The SRA posts recent scam alerts on their website, so we can all see what to look for. It also presents an overview of scams as an overview of current scam activity.
Cybersecurity Steps You Can Take Right Now
The repercussions of cyber attacks can be devastating for both clients and law firms, which may never recover their company’s reputation. It has never been more important to ensure that protective measures are in place.
A practiced and well communicated Incident Response Action Plan (IRAP) can help everyone understand their role in a crisis and minimize the inevitable impact. This plan should include:
- The first steps to secure the situation;
- A public relations / communication plan with stakeholders, customers and third parties;
- Maintain a monitoring document of the situation, essential facts discovered, key decisions and resulting actions; and
- Lessons learned and future protection plans
There are accreditations that can help as well, like Cyber Essentials Plus, a government-backed program that will demonstrate to your stakeholders that you take cybersecurity seriously.
With planning, training, and the right technology in place, law firms can reduce risk and be confident that in the event of a breach, they know how to respond and have everything they need.
Here are some questions that can help give you an overview of where your business is today:
- What are the current cybercrime risks for real estate professionals and law firms?
- How up to date are your current cybersecurity policies?
- Are there new or emerging cyber risks to know and consider?
- Do your IT systems have adequate backup, network protection, and systems in place to support diagnostics and remediation in the event of a problem?
- Do you have the in-house expertise to deal with cyber security, or do you need to outsource experts and prepare them in advance if you ever need them?
You can choose to implement a strategy based on these suggestions:
- No matter the size of your business, plan as if you expected to be attacked. It could happen to anyone.
- Enforce a strong password protocol. For example, insist on the correct length of passwords (minimum 12 characters, more is better), follow the last tips on creating passwords – for example adding three words to make them easier to use, by mixing capital letters or numbers.
- Back up your data frequently and in different locations (online and offline) in response to a ransomware attack. Remember to validate the backups from time to time.
- Be aware of the latest phishing scams, which can happen through email, phone, and text. Remember that about 80% of attacks are done through phishing.
- Set up a mobile work policy: Make sure that non-office staff understand company policies and procedures to prevent the loss, theft, or compromise of sensitive information. Seriously consider making a VPN your standard remote access method.
- Make sure that the personal information of all employees and customers is securely protected and that you are confident that your data protection impact assessment is up to date.
- Invest in staff training: Make sure staff know the different types of cyber attacks and how to report a suspected attack.
- Finally, get expert advice. If you don’t have your own cybersecurity staff, bringing in experts and finding a suitable technology partner is essential.
You can find out more from the National Cyber Security Center. He has put together a collection of resources to help businesses protect themselves from cybercrime.
SearchFlow considers cybersecurity to be an essential part of any business. We’ve put together a handy list of key questions to help you take a look at the current state of your cybersecurity.