Friday 6 October 2017

Risk Management in Law Firms: Protecting your Firm from Cyber Crime


With a recent news release from the SRA revealing that cyber crime is rapidly escalating, with almost double the number of cyber thefts being reported in the first quarter of 2017 compared with the same time last year, and triple the amount of money being stolen, I today wanted to talk about pragmatic approaches to minimising your firm’s risks of being targeted by cyber criminals.

Cyber crime is now prolific, with law firms unfortunately being a natural target due to the large amounts of confidential information and high value financial transactions that they are dealing with. Indeed according to the SRA, in the last year (April 2016 to March 2017) they have seen cases involving around £11m of losses.

Property transactions are a particularly high risk to client money, but cyber criminals also target inheritance money and law firms’ own money too.

In addition to SRA compliance breaches and subsequent action, any such event can also cause massive reputational damage to a law firm.

So how can law firms protect themselves from these cyber threats?

Firstly, I would say that it is vital that a joined-up approach is taken to cyber security management, as in the ever-evolving threat landscape, it is nowhere near enough to just be relying on one or two technical measures like some anti-virus software and a firewall. Rather, the firm’s cyber security strategy must involve senior partners, as well as technical personnel, and be formulated as an integrated suite of risk management measures encompassing business processes, technologies, staff training and procedures.

I would also recommend that as a starting point, law firms look at the Cyber Essentials scheme, a government-backed, industry-supported scheme to help organisations protect themselves against common cyber-attacks. Whilst by no means protecting against every possible threat, the Cyber Essentials scheme does provide a framework for good practice around cyber security, covering five technical controls:
  1. Boundary firewalls
  2. Secure configuration
  3. User access control
  4. Malware protection (including ransomware)
  5. Patch management

We are already in the throes of working with several of our clients to implement Cyber Essentials, which they see as having a plethora of business benefits including assisting with regulatory compliance, demonstrating care of personal data for GDPR compliance purposes, demonstrating to clients and potential clients that they are safeguarding their data and their money, and ensuring that their firm’s risk of suffering costly downtime and/or reputational damage is minimised.

Additionally, the government already requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme, and it is clear to me that these types of accreditations and requirements are only set to continue and grow, as they inevitably percolate all the way up through the supply chain. Indeed the SRA Cyber Security roundtable this spring also recommended that firms should consider the benefits of this scheme in protecting themselves from cyber-attacks.

Over the coming blogs, I will be exploring in more depth some of the key ways law firms can manage the risks posed by cybercrime. In the meantime, if you are concerned about your firm’s cyber security compliance position, or you would like to find out more about the Cyber Essentials scheme, please do not hesitate to contact me on 0118 920 9600 or email james.stratton@connexion.co.uk, and I will be happy to arrange a no-obligation conference call to discuss how Connexion can help.

_________________________________________________________________________________

Established in 1994, Connexion Ltd provides IT consultancy, IT services and IT support to mid-size law firms, solicitors and legal services companies throughout the UK. Our focus is on delivering IT solutions that create real value to our clients' firms. Working closely with our customers’ in-house IT Managers, our structured and managed approach to delivering IT is paramount in ensuring our clients can maximise the business advantages technology can offer them, whilst minimising their risks. For more information about our services for law firms please visit our website http://www.connexion.co.uk/law/
