Security experts say online criminals have now moved away from blitzing the web with a virus then waiting to see what happens. Rather, the trend is toward highly targeted ‘surgical strikes’ on specific companies and particular processes. The new cyber-criminal is motivated primarily by financial gain, experts say, and organisations that handle personal data are finding themselves particularly vulnerable to attack.

“We see wireless and mobile computing facilities as a major cyber security threat in 2006,” said Jennie McLaughlin of IT security and risk management firm, Cybertrust. “The threat is increasing in proportion to the trend of increased adoption of these facilities.”

Law firms certainly need to redouble efforts to ensure their own mobile systems and processes are as secure as possible, McLaughlin said. However, they also need to help their clients brief themselves on the risks — as well as the broader compliance and risk management issues — associated with mobile technology.

“Security requirements should be specified in contracts, service level agreements and so on,” she said. “Legal considerations and compliance should be an integral part of companies’ corporate governance, risk management, and security management framework.”

Getting people to accept the need to protect their Blackberrys, laptops and other mobile devices may, however, prove challenging, warned William Shipway, IT security specialist at Blake Dawson Waldron. Such devices may become quite difficult to use once adequate protection has been installed. “If the threat is not fully appreciated as it should be, then people may not go for [using mobile devices],” Shipway said.

For more on security risk, see this week’s Technology Report on p16