What cyber threats are law firms most vulnerable to?
In 2019, every respondent to the PwC Law Firms Survey reported suffering a security incident. This is 40% more than the previous year, and almost a 60% increase from 5 years ago. On one hand, this suggests that law firms are being increasingly targeted for their valuable data. On the other hand, there is also the possibility that security incidents had previously gone undetected, meaning that the high reporting rate actually indicates an increase in strength and awareness of cybersecurity among law firms.
The top three cyber threats to law firms are:
What can law firms do about these cyber threats? First of all, use software that has been certified by independent authority that includes regular penetration testing. Secondly, ensure that information technology systems in the firm are updated to minimize the weaknesses in the system that hackers can exploit. Thirdly, the firm should devise clear and practicable information technology handbook which delineates protocols when handling different types of information. For instance, limit downloads from unfamiliar or unsafe emails and websites to guard against malware attacks. Fourthly, train employees to maintain good cyber security practices such as using strong passwords and looking out for unusual correspondence that may be a phishing attempt.
Cyber threats have persisted and will continue to evolve as security measures develop. Gartner forecasts global spending on cybersecurity to reach US$133.7 billion in 2022. By cultivating good cyber security practices throughout all levels of the organization, law firms can establish a solid foundation to build a cybersecurity strategy that can grow to detect and withstand future threats as and when they arrive.
LEGALX adopts an internationally recognised framework for best practice in Information Security Management System (ISMS) and understands the need for appropriate controls in risk management when dealing with important information.