Does Your Law Firm Have a Sufficient Cyber Security Foundation?
Whilst the digital revolution has allowed the flow of information to thrive, it also brings the opportunity for extensive exploitation. Computer systems and networks become dated – and increasingly insecure – at an extremely rapid rate. Outdated computer systems are especially vulnerable, as newer machines often have better built-in security. This means that the potential for cyber threats increases tremendously when your systems and networks are left unprotected from unauthorized access and exploitation. Out of the top 100 law firms in the UK, 73 have reported cyber breaches in the last year. How much has your firm invested in security? And, more importantly, are you adequately protected?
To help mitigate the risks of potential cyber-attacks, we want to highlight 7 key areas where your law firm could improve on cyber security.
1. Conduct a Proper Port Scan
Emails are often the weak link through which attackers get malware into the systems of their victims. Open ports exposed to the internet are an equal opportunity for malicious attackers. With their tools, they scan the internet for open ports that expose Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), or other remote administration services. It is through these services that access into your network can be gained easily. IT teams can use tools such as Nmap, masscan, and Shodan to see where servers, networks and their associated services are exposed. It is essential for every law firm to check these areas and implement proper safeguards.
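As an added example (not from the original article or from any vendor it names): once the IT team has scanned the firm's own public address range with Nmap, the results still have to be triaged. This Python script parses Nmap's grepable output (-oG) and lists the hosts where a remote administration service is actually reachable; the sample scan, its addresses and the port list beyond RDP and VNC are assumptions constructed for illustration.

```python
import re

# Remote administration services the article singles out (RDP, VNC), plus
# other common ones added here as an assumption of this example.
REMOTE_ADMIN_PORTS = {
    22: "SSH", 23: "Telnet", 3389: "RDP",
    5900: "VNC", 5901: "VNC", 5985: "WinRM", 5986: "WinRM",
}

# Constructed sample of Nmap grepable output (-oG); documentation addresses only.
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -Pn -p 22,443,3389,5900 -oG - 192.0.2.0/29
Host: 192.0.2.1 (mail.example.test)\tStatus: Up
Host: 192.0.2.1 (mail.example.test)\tPorts: 22/filtered/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (2)
Host: 192.0.2.4 ()\tStatus: Up
Host: 192.0.2.4 ()\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///, 5900/open/tcp//vnc///
# Nmap done: 8 IP addresses (2 hosts up) scanned
"""

# Matches only the lines that carry a "Ports:" field; captures IP, name, port list.
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+.*?Ports:\s+([^\t]*)")


def exposed_remote_admin(grepable_text):
    """Return sorted (ip, hostname, port, service) tuples for open admin ports."""
    findings = []
    for line in grepable_text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment lines and "Status:" lines carry no port data
        ip, hostname, ports_field = match.groups()
        for entry in ports_field.split(","):
            # Each entry is port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            # "filtered" means a firewall dropped the probe; only "open" is reachable.
            if state == "open" and proto == "tcp" and port in REMOTE_ADMIN_PORTS:
                findings.append((ip, hostname, port, REMOTE_ADMIN_PORTS[port]))
    return sorted(findings)


if __name__ == "__main__":
    for ip, hostname, port, service in exposed_remote_admin(SAMPLE_SCAN):
        print(f"{ip} {hostname or '-'}: {service} reachable on tcp/{port}")
```

Each finding is a service to close, move behind a VPN, or restrict by source address; a filtered port, such as SSH on the first sample host, is not reported.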
2. Invest in Improved Anti-Virus Solutions
The ways in which attackers package, deliver and deploy malware are ever-evolving to evade AV detection. Cisco’s 2017 Annual Cybersecurity Report notes that 38% of companies that experienced a breach lost more than 20% of revenues, while 40% lost more than 20% of their customers. Given the enormous expense and damage that a cyber-attack can inflict, choosing the right antivirus software program is a vital decision. A full endpoint solution such as Webroot – an official partner of Zapro Digital – can help your law firm stay protected across all platforms, securing your data networks, activities in the cloud and individual devices with threat identification, prediction, and remediation in real time.
3. Investigate Third-Party Risks
According to a survey by Soha Systems (acquired by Akamai Technologies), 63% of all data breaches can be linked either directly or indirectly to third-party access. It is estimated that as many as 80% of all law firms are not vetting the practices of their third-party service providers. Risk categories include:
- Compliance risks: The violation of internal policies and procedures of data use and protection.
- Operational risks: Loss as a result of inadequate or failed internal processes, people, and systems, or from external events.
- Transactional risks: Includes all activities associated with the delivery of a product or service.
- Reputational risks: The damages caused to your reputation resulting from negative public opinion.
- Strategic risks: Involves the creation and implementation of business decisions that are consistent with the institution’s strategic goals.
4. Remove Obsolete Technology
Law firms can avoid the following downfalls of using old computer hardware and software systems:
- Security: Outdated software systems are not geared towards detecting and preventing cyber-attacks effectively.
- Downtime: Older systems can crash easily and consume time and resources to maintain.
- Poor productivity: Employees may struggle to work with older systems and IT staff have to focus on resolving IT issues instead of maintaining current infrastructure.
- High maintenance cost: Contrary to popular belief, the costs of maintaining legacy software and hardware systems are higher in the long term.
- Poor chances of data recovery: Efficient data recovery is possible through newer cloud-based solutions that encapsulate data backup and retrieval.
5. Mobile Security Matters
Kaspersky said it found twice as much ransomware on smartphones in the first half of 2017 as it did for all of 2016. In addition, Avast revealed an overwhelming rise in attacks on smartphones in the last year, with a reported annual increase of 40%, averaging between 1.2 million and 1.7 million attacks per month. New levels of cybercrime sophistication are making it almost impossible to identify scams, bringing mobile security to the forefront of corporate protection practices. Mobile device protection is essential, and an effective mobile policy can stipulate what information is stored on a mobile device as well as encryption and antivirus methods to protect such information from data thieves.
6. Develop and Establish Formal IT Security Policies
Less than 60% of law firms have policies in place such as cybersecurity policies, incident response plans, or backup and restoration procedures. With the most recent data protection legislation, policies for protecting your law firm’s data systems have now become mandatory. Cyber security is no longer just “an IT thing”. It’s a board-level issue. It is critical to establish the following policies in order to create a foundation upon which your firm can build through auditing, execution, training and more. These policies may include:
- A data audit and registry
- Company-wide information security policies
- Third party security policies
- Management and staff awareness training
7. Make Security Training and Awareness Mandatory for All
Less than 33% of law firms have mandatory training for employees. Data protection and security awareness training is essential so that staff can recognise threats and know how to deal with them. We have the following tips for creating security awareness in your organisation:
- Automate compliance management on company laptops and employee devices.
- Use corporate security awareness training to help users understand why compliance is essential and how to operate within the set parameters.
- Empower your employees to use digital security software on their mobile phones as they would on their computers.
- Empower individuals to own their own device security.
- Create communication and handling procedures for employees to follow when data breaches occur.
The cost of investing in security and related IT infrastructure is marginal compared to the destruction that a cyber-attack can cause to your company’s data stores as well as its reputation.
Here are a few take-away questions for your law firm to stay abreast of cyber crime:
- What is the company-wide implementation of anti-virus and malware protection and is it used successfully?
- Do you have appropriate encryption technology that protects data in the event of lost and/or stolen:
- Mobile phones
- Does your firm have an IT infrastructure contingency plan should a data breach occur?
It makes perfect sense to make security a top priority. Speak to one of our cyber security experts today to get more advice and guidance on how you can protect your business.