10 tips for legal professionals to protect against cyber attacks
The legal and conveyancing industry is becoming more digitised by the second, and it’s no surprise that the more digitised the sector becomes, the higher the risk of cyber crime-related activity.
Compared to other sectors, the legal, financial and accounting industries are more susceptible to attack and rank in the top three industries with the highest number of reported data breaches (between 1 April 2019 and 30 June 2019).
Of these breaches, 62 per cent were caused by criminal activity and a staggering 34 per cent were the result of human error (tip: don’t click on that phishing email asking you to enter a competition). So, what can firms do to protect their staff, their business and their reputation from cyber security threats?
Here are 10 steps all lawyers and conveyancers should be taking:
1. Assess your current cyber security risk
The first step in strengthening your cyber security measures is identifying what you are doing well and what is inviting a cyber breach. Review all of your internal processes and protocols to identify where your firm is vulnerable. Consider consulting your IT team or hiring a cyber expert to conduct an audit. Keep in mind what the greatest cyber security threats to lawyers and conveyancers are: email phishing scams, ransomware, data leaks and internal malpractice.
2. Make sure your security software is up to date
Frequently, we hear about new technological innovations shaping the legal and conveyancing industry. What we don’t hear about are the advances in malware and ransomware. Ensure your security software is updated regularly to give you the best chance at avoiding ever-evolving cyber attacks.
3. Implement spam filters
Use a spam filter to prevent dangerous and unwanted emails from appearing in your inbox. Not only will there be fewer emails to read, there will also be less opportunity for employees to be tricked by a scam. Given lawyers and conveyancers have access to highly confidential data like contracts and business strategies, law firms face an increased risk of being targeted by cyber criminals.
4. Manage passwords securely
Passwords are often a focal point for hackers and phishing scams, so poor management of your firm’s logins leaves you at risk. Set strong passwords, with a random combination of upper case letters, lower case letters, numbers and symbols. Change your passwords frequently – at least once every few months. Lastly, make sure they are stored safely. Don’t send your login details in email or store them online. There are a number of free or paid apps available that securely store your passwords.
5. Limit administrative capabilities
Administrative access allows users complete access to your firm’s systems and networks. By limiting the number of employees who have access to this power, you reduce the risk of hackers gaining complete control if a breach occurs. Be aware of internal threats too: limiting administrative capabilities also helps reduce the risk of disgruntled or corrupt employees stealing data.
6. Go phishing
Run frequent exercises with staff, where employees must identify which emails are phishing scams. This makes people more vigilant on a daily basis, reducing the likelihood a staff member will unknowingly fall victim to a “phishy” email. Make sure that staff regularly review their email “rules” to confirm that an auto-forward has not been set up following a phishing attempt.
7. Educate your employees and clients
While blame for one in three cyber breaches lies with employees, it is an employer’s responsibility to train staff in cyber security – it’s their reputation on the line, after all. Hold monthly cyber sessions with all staff to educate them on types of cyber security threats, how to avoid them and what company policies are. Make sure to educate clients as well, by including a note in your email signature about what information your firm will never ask for over email.
8. Understand what sensitive data is
When thinking about sensitive data, information such as bank details, passport number and date of birth spring to mind. However, what can be classified as sensitive data extends far beyond the simple stereotypes. Make sure your employees know what information is sensitive, both for your firm and your clients.
9. Protect important information
Use firewalls, antivirus and DDoS protection software to protect your data from cyber threats. Encrypt sensitive data and back up important legal documents. Be careful of what software you install on your computer, and understand what information your programs and apps collect.
10. Have a plan of action
It’s best to approach cyber security using the “not if, but when” mindset. As part of your firm’s cyber security preparation, formulate a data breach plan outlining what actions are required and what responsibilities each member of your team has. The legal and conveyancing industry is a lucrative target for cyber criminals, and all lawyers and conveyancers need to be proactive and vigilant in response to this threat.
Be smart. Be ready. Be cyber-savvy.
Rafe Berding is the CEO of The Search People.