The list of businesses having suffered a breach of data security is growing ever longer and includes many top level organisations including FIFA, BA and Marriott International.
But when even the biggest names are seemingly unable to prevent cyber theft, how can law firms combat the threat? The Financial Conduct Authority reports that much of the damage caused to the NHS by the Wannacry ransomware in 2017 could have been avoided by basic security best practice.
Paying attention to the following five areas will go a long way to making your firm more robust in the face of cyber threats.
People are a weak link when it comes to cyber security. They open phishing emails, download infected files, choose weak passwords, fail to regularly change passwords and are tricked into revealing sensitive information.
Every member of the firm should be trained in understanding the threat and how to best repel attempted attacks.
Healthy IT practices such as choosing strong passwords, regularly changing them and not downloading unknown files should be implemented as a matter of course by everyone from board members down.
Regular training to alert all staff to new scams is essential and the message about cyber security should be driven home to the extent that everyone is aware of it at all times.
One of the mistakes the NHS made that left it vulnerable to attack was failing to patch and update software.
Software manufacturers are constantly making revisions to deal with new threats. Firms should have a robust system in place to ensure that updates are applied as soon as they are available. Old systems should be assessed to see if they are weak, as this is an area that hackers look to exploit.
Finding weak passwords can be easy work for hackers. Staff members need to use strong, random passwords, preferably created by a password generator.
A password manager can be used to store the password in encrypted form. All the individual needs to remember is the single password for the manager.
Passwords should never be repeated or used for more than one application, and regular password changes should be routinely scheduled, especially when there are personnel changes.
Two-factor authentication or 2FA stops hackers who have a valid username and password from gaining access to a system or database. 2FA requires not just something you know, but something you have as well. Knowing the password alone is not enough; a code or other secondary authentication is needed, often sent via the user’s mobile phone.
Other secondary methods of authentication include tokens or biometric data.
Encryption is one of the most important methods of protecting data. Data loss protection software uses an algorithm to put information into a coded form that is unreadable without the key or decryption code. It is essential for the protection of data sent across networks. Law firms should also routinely encrypt all stored data in this way.
While cyber attacks are on the increase, it is easy to feel helpless. But by being aware of the weaknesses hackers are looking for and acting to minimise them, law firms can do much to reduce the threat. Where a firm is difficult to penetrate, hackers will move on to the next one, where security might be more lax.
Cyber Crime continues to show no signs of slowing down as SRA reports have shown it has risen again over the last year and the amount of client money reported as stolen has also again increased over the last 12 months. Conveyancing has now become the highest risk area of law so law firms will need robust procedures in place in order to protect themselves from fraudsters.
To ensure you shield yourself and your clients against fraud and reassure clients that their needs are priority when it comes looking after their money it would be prudent to implement Lawyer Checker’s products such as Account and Entity Screen, Consumer Bank Account Checker, and OnDMARC software to safeguard your business.
