Cyber attacks do not discriminate, explained Mimecast senior vice president of security awareness Michael Madon, and can affect every firm – whether you’re a boutique or BigLaw outfit.
“Like any business built from the ground up, with legacy systems at play, the cyber security practices of law firms may not be up-to-date or provide adequate defence against today’s sophisticated cyber security threats,” he said.
As such, cyber attacks are everyone’s problem in a law firm, he posited.
“With the security landscape changing so rapidly, and law firms often steadfastly established in the way they operate, it can be difficult to get internal buy-in to increase security technology and awareness,” he said.
“Yet by their very nature, law firms manage sensitive information every day, and it is a duty to the client to ensure this information remains secure. The digitisation of information requires a new way of thinking and an added resilience to counter potential cyber attacks.”
But too few in the legal profession are actively concerned with such matters, Mr Madon noted.
“Traditionally, law firms are focused on supporting clients and managing billing in six-minute increments. Any training is more likely to be spent on delivering a better service to clients rather than on being cyber security aware,” he said.
“For the firms [at which] cyber security is a priority, it is more likely that this comes in the form of a technology investment, such as a security add-on, rather than a time investment in awareness training. Cyber security is not a case of one or the other; to be successful it needs to be complementary. This is especially the case as 90 per cent or more of cyber security breaches occurred as a result of human error. For any business, taking an ‘It won’t happen to me,’ approach could potentially prove devastating.”
Smaller firms that are concerned about the financial cost of such cyber protections need to consider that the professional cost of an attack will be much greater, Mr Madon said.
As such, cyber security awareness training is fundamentally important for firms across the board, and for the professionals within them.
“Law firms of all sizes need to tackle cyber security from multiple angles, and this includes educating employees on taking responsibility to protect themselves, their organisation, and their clients against cyber attacks,” he said.
“With the blurring of technology use and access between work and home, law firms need to keep cyber security front of mind whether they are in the office, at home, or when travelling. Security awareness training has to be developed with the needs of each organisation in mind, embraced by senior partners, and introduced across a firm to ensure everyone is part of the cyber resilience journey.”