GDPR and Cyber-Crime: Are You Aware of the Risks?
The term GDPR is everywhere in the media today, and for very good reason. Cyber-crime can no longer be seen as a risk to only the big companies or just the financial sector. Of the cyber-crimes reported by the Office of National Statistics (Crime Survey for England and Wales, CSW), 78% (the equivalent of 1.9 million incidents) were incidents of bank and credit account fraud. UK Finance data showed a staggering £101 million lost to transfer scams in the first six months of 2017. The majority of offences occur through the use of mobile apps, malicious software and DDoS hacking attacks.
What deserves serious attention is that cyber-attacks on law firms are on the rise as well. As many as 73 of the top 100 law firms in the UK have reported cyber breaches. Leading cyber security agencies confirm an increase of as much as 60% in the last 2 years; this is because of the nature of the information law firms retain.
Out of these, 55% of law firms reported attacks through the use of viruses or other malware. The remaining 16% of firms faced significant attempts to break into their company’s network. Given these statistics, is it not time to ask whether your law firm has enough protection? What can be done to mitigate the risks and improve your company’s data security?
The World’s Strongest Data Protection Rules are Here
Businesses and individuals in the UK are now covered by Europe’s strongest data protection rules since 1995. Their main purpose is the modernisation of laws that protect the personal information of individuals. The new rules came into effect this year, on 25th May. The GDPR is fundamental in determining how organisations, large and small, access, store and protect people’s personal information.
A few of the issues the new data protection rules address for businesses and public sector organisations include:
- GDPR requires companies to have mandatory data protection policies in place. These must include all relevant documents explaining why companies collect and process data.
- Under these laws, the “destruction, loss, alteration, unauthorised disclosure of, or access to” data of any person must be reported to the country’s data protection regulator (ICO).
- In addition, all companies must inform the ICO of a data protection breach within 72 hours of the incident. An impact assessment is essential as well.
- If an organisation does not comply with any of the above rules, it can face fines of up to £17 million or up to 4% of its annual turnover.
How Can Your Law Firm Stay Protected?
The aim of these data protection rules is to address the global phenomenon that is cyber security by bringing governance and compliance of data security and management of personal information to the foreground. Companies should make every effort to employ an information security policy and, by doing so, protect the rights of their customers in turn. By managing the risks, companies can protect themselves from exploitation, loss of revenue and reputational damage. Other technology trends such as data analytics can assist with a company’s security in the prediction and prevention of cyber-attacks.
With our technical solutions we can review your setup in order to identify, secure and prevent a wide range of vulnerabilities. Our services include the following 3 essential resources to identify your business’ resilience to a cyber-attack:
- Anti-Virus & Anti-Malware
- Intrusion Detection
Following our review, you will receive a detailed report with our recommendations for effectively securing your law firm’s data. We will also work with you to build a data strategy and guide you through a successful implementation that is in line with the latest GDPR regulations. This complete policy will guide you on what to do in the event of a data breach.
Contact us today to discuss this topic in further detail.
We look forward to hearing from you!