Legal Sector Faces Increased Risk of Cyber Attacks
Operations Director Andrew Jenkins discusses why professional services are a prime target for cyber fraudsters and how law firms in particular are an easy target – plus what the industry should do to protect itself from attacks.
Advising clients on how to protect their business against cyber crime has now become one of the most sought-after services we offer, which is no surprise in a world where we operate digitally in almost all spheres of our lives. The professional services sector is particularly at risk, due to the amount of confidential and financially sensitive data it transfers digitally.
Recent research by CERT-UK highlights how unprepared the legal sector in particular is for cyber attacks. Given the data-heavy nature of work undertaken by law firms – which sees written documents containing sensitive client and business information being circulated via email on a regular basis – it would be assumed that the legal sector would be ahead of the game in terms of protecting itself from online crime. However, the statistics tell a different story.
Research shows that 62 per cent of law firms in the UK are estimated to have been victims of a cyber attack in the last year, while only 35 per cent of law firms have a mitigation plan in place in case of an attack. This is astounding and particularly concerning given the volume of personal, business-critical and commercially sensitive information law firms hold.
The legal sector has become such an obvious and easy target for cyber criminals in part due to the number of files – from PDFs to Word documents and Excel spreadsheets to saved email trails – which can be sent without appropriate anti-malware programmes and other cyber security resilience tactics in place. Remote working and the need for 24/7 contact with clients compound the risk, as lawyers and other professionals working in professional services are more likely to work on unprotected connections and on less secure devices at home rather than in the office.
We predict another explanation for the legal sector’s vulnerability is that smaller law firms – like small businesses in general – are adopting the approach of ‘we’re not big enough to be the target of cyber crime’ – but that is their first and perhaps most serious mistake. Any business, no matter how small, is at risk of a cyber attack if it is digitally transferring sensitive and personal data.
In addition, many law firms can be old-fashioned in their approach to calculating risk, considering it more likely for a ‘Friday fraudster’ to use the phone when attempting to hijack funds being transferred for house completions, because this has been the mode of threat in recent years. ‘Friday fraud’ is still happening, but more commonly online than via the phone.
Our advice to law firms and the professional services sector in general is simple: take cyber crime seriously. Law firms should put time aside to discuss with their insurance broker whether they are covered for cyber attacks and, if so, what security they have in place and whether it is adequate.
Our advisers can talk through protection options and will fill out a basic form which requires information about the law firm, its processes, its risk management strategies and its procedures. In a nutshell, Russell Scanlan, in partnership with Berea, a Leicestershire-based cyber security management and training business, can provide a steer as to whether your law firm is in need of protection by completing a comprehensive cyber audit and returning a set of recommendations.
If you feel your law firm could do with a cyber audit, then please get in touch with one of our team who will be happy to have an informal chat about your needs.