A staggering 62% of UK law firms suffered a security breach in 2016, as reported in PwC’s annual law firms’ survey 2017. Such breaches are highly disruptive to daily business operations and to a firm’s reputation. What’s more, they hit the bottom line and revenue too. The Ponemon Institute, a renowned privacy and data security research organisation, conducted a ‘Cost of Data Breach’ study and found that the average global cost of a stolen record was $141 in 2017. This figure varies by industry and is likely to be even higher for businesses operating in the professional services sector, e.g. legal and financial firms.
With highly sensitive information stored on any given law firm’s network, firms are an attractive target for cyber-criminals, and the attacks used to reach such confidential data are becoming increasingly sophisticated and diverse. Firms must therefore ensure that they have the right security practices in place and take ongoing action to protect themselves and the clients they represent.
In a recent webinar, Eze Castle Integration’s Executive Director, Dean Hill, and our certified Business Continuity and Data Privacy Consultant, Matt Donahue, explored different threats in the landscape and their impacts, and shared top tips to bulletproof firms against them.
Below is a summary of key points of discussion, as well as the full webinar replay.
Different threats in today’s landscape include:
Physical security attacks
Mobile device theft
Insider data leakage/theft
These are typical threats across most industries and firm sizes. It is worth noting that not all threats are external, and that some of the more successful attacks require interaction from employees.
Having the Right Security Layers in Place to Become Bulletproof
With the right defence controls, planning and practices in place, law firms can avoid many cyber-threats. However, planning for failure is equally important, so that the firm is fully prepared if a breach does occur. The steps firms should follow to put layers of security in place are:
Identify – Cyber Assessments, IT audits, Network Inventory
Protect – Access control, Phishing Tests, InfoSec Training, Encryption
Detect – Vulnerability Assessments, Penetration Testing, Continuous Security Monitoring
Respond – Incident Response Planning, Remediation Services
Recover – Disaster Recovery, Security Policy Audit & Maintenance
Incident Response Planning to Fight Back
Unfortunately, facing threats is a reality for firms. The severity of an incident and its overall impact is often a direct reflection of the systems, safeguards and programmes a firm has in place to mitigate these risks.
Firms should have strong business continuity measures and an incident response plan in place to fight back. Successful incident response planning should include the following steps:
Establishing an incident response planning team
Identifying the type and extent of an incident
Escalating incidents as necessary
Notifying affected parties and outside organisations
Mitigating risk and exposure
Third Party Due Diligence with Vendor Risk Management
From a security perspective, as more firms leverage outsourced providers, it is important to understand the risks associated with each vendor and with any third parties those vendors interact with. Firms should assess vendors for risk on at least an annual basis as part of ongoing third-party due diligence.
Making Your Employees a Cybersecurity Asset
The threat landscape is ever-changing, with firms falling victim to increasingly sophisticated cyber-attacks. This calls for firms to consider the human factor in becoming bulletproof.
Making employees a cybersecurity asset involves ongoing training and testing. Regular InfoSec training and simulated phishing tests are a ‘no-fault’ way of assessing whether employees can recognise the suspicious emails or requests they are likely to encounter in real life. Firms can then target training at the weaker areas, bridging any gaps in security.
Take a look at this short webinar replay to learn top tips to bulletproof your law firm against cyber-threats and criminals.