With reams of sensitive personal data and transactions that involve large sums of money, the legal sector remains a huge target for cybercrime. A study published last year by the Solicitors Regulation Authority (SRA), Cyber Security – A thematic review, highlighted just how many costs a cyber-attack brings for legal practices. Besides the obvious financial loss for client and practice alike (a loss of £4m client funds from 23 firms), a breach causes huge stress and damage to client relationships, increased insurance premiums and many indirect financial costs.
One firm, for example, reported having lost around £150,000 worth of billable hours following an attack which crippled their systems. Additionally, PwC research showed that cyber security is a key challenge for law firms and the legal sector is increasingly being targeted. Cyber risk was deemed the second greatest threat to law firms meeting and/or exceeding their ambitions, with only Covid-19 ranking higher. It has also been noted that Solicitors Regulation Authority (SRA) alerts for fraudulent activity are up 147% from the same period last year.
It is now widely recognised that cyber-enabled crime continues to rise in both scale and complexity, with criminals taking advantage of the increased reliance on digital technology. After more than eighteen months of homeworking and more services moving online, many firms are looking to adopt a hybrid working model that will allow their staff flexible working arrangements. This will mean that many professionals will work more than half of their working hours outside the security of the office network.
As masters of opportunism, fraudsters will create scams overnight to take advantage of change. The SRA reported a 300% increase in phishing scams in the first two months of lockdown alone, and every day we read about another breach, ransomware or other form of sophisticated cyber-attack against law firms. The real problem is likely to be much larger, due to the typical under-reporting of cybercrime and the secrecy surrounding cyber breaches in the legal profession. It is not a case of if you have a cyber breach, but when and how serious it becomes.
What is Cyber Essentials and how can it help?
The National Cyber Centre (a branch of GCHQ) introduced the Cyber Essentials scheme as part of its mission to make the UK the safest place to do business online, and to offer businesses a simple and affordable way to improve their cyber security. IASME is the Government’s Cyber Essentials partner and is responsible for delivering the scheme. This is achieved in partnership with companies like IntaForensics, which is one of over 260 certification bodies located across the UK and Crown Dependencies accredited to deliver Cyber Essentials. The Cyber Essentials controls help guard against the most common threats from the internet, and certification helps to demonstrate your commitment to cyber security.
Cyber Essentials will:
Help you to take control of your cyber security
Although many legal firms outsource their IT support to third party providers and think that will take care of the problem, it must be emphasised that cyber security is not the same as IT. No matter who is looking after your technology, cyber security remains the responsibility of senior management within your company.
The Law Society’s Lexcel Standard guidance to legal practices states that “practices must have an information management and security policy and should be accredited against Cyber Essentials.”
Demonstrate your commitment to keeping client data safe
Reputation is a valuable asset and consumers typically demand evidence of a trusted, secure service provider for their sensitive data. They are increasingly aware of the threats from cybercrime and do not want their usernames and passwords compromised, their data stolen or their accounts hacked. As such, organisations need to show that they are taking cyber security seriously.
The demand for comparison websites is rising, with 45% of consumers saying they would turn to online price comparison tools to help them compare providers, according to a recently published IRN research report. Reputation continues to be the primary consideration when choosing a legal services provider. By achieving the Cyber Essentials certification, you can show your commitment to cyber security and stand out from your competitors.
Provide a level of Cyber Liability insurance
If your legal firm is UK-domiciled with an annual turnover of less than £20m and you achieve the Cyber Essentials certification covering your entire organisation, you will be able to opt into the included cyber liability insurance. This does not incur any additional costs or paperwork, with the insurance cover including a 24hr technical and legal incident response service.
Getting Cyber Essentials certified is a straightforward way of demonstrating to your insurance company, your business associates and your customers that you take cyber security seriously and have your house in order.
Get started with the Cyber Essentials Readiness Tool
Many legal firms find their resources are tied up running the practice rather than focussing on IT and cyber security. The barrier to understanding technology can be a significant hurdle for firms in starting their essential journey to cyber security.
Until recently, much of the general cyber security information and guidance assumed a good level of IT knowledge. Firms have asked for a tool that can help them review their current level of protection and obtain targeted advice on the next steps, and we have listened. The Cyber Essentials Readiness Tool is free to use online and offers basic-level guidance on the five key technical controls and related topics, written in easily digestible language. Working through the questions will show an organisation its own level of understanding and which aspects it needs to focus on. It will be directed towards appropriate guidance and, based on its answers, be presented with a tailored action plan and detailed guidance for its next steps towards certification.
To find out more or to arrange Cyber Essentials certification, get in touch with our team via Tel: 0247 771 7780 or by emailing firstname.lastname@example.org.