If you think you’ve got your law firm’s cyber security all wrapped up, be sure. Cyber criminals target busy, distracted staff with scams … we have a simple solution …
Let’s be clear here, most legal firms have a level of cyber security on their office networks. As you’re no doubt aware, rule 4.2 of the Code of Conduct for individuals and Rule 5.1 of the Code of Conduct for firms place an obligation on the profession to “safeguard money and assets entrusted to you by clients and others”.
And you tell your clients that, with you, they’re in ‘safe hands’. And, no doubt, your staff are efficient and professional in what they do.
But cyber criminals know you hold valuable assets – and they’ve found new, highly effective ways round your cyber security, especially targeting people working at home.
The Solicitors Regulation Authority (SRA) report that staff working remotely on devices which don’t have the same level of security as office equipment have contributed to a massive rise in cyber attacks.
They cited a 300% increase in phishing scams in the first two months of lockdown alone. This is when someone mistakes a fraudulent email as being from a trusted source.
In fact, the SRA found that, in the first half of 2020, law firms reported that nearly £2.5m held by them had been stolen by cyber criminals!
A simple, effective solution for law firm’s cyber security – wherever your staff work
It’s very easy for busy staff to click on a link which takes them to a cyber criminal’s website where they unwittingly provide valuable and personal information. They may not even realise this is the case until, perhaps, months later when the cyber attack becomes apparent. By then it is way too late and the firm’s reputation, its finances, and other people’s personal information and finances will have been compromised, disrupted or destroyed.
As human error accounts for most breaches, believe it or not the simplest, most effective answer is awareness training.
- Before you think that awareness training will be costly, remember how much you stand to lose. And, in fact, this type of training isn’t expensive.
- If you think awareness training will take up too much of your staff’s time – there are short, sharp reminder videos that literally take less than five minutes and can be ‘drip fed’ regularly before staff forget.
- If you think your staff won’t engage with this, try having a watch of one of the awareness training videos – they’re more like a clip from a favourite sitcom – and are certainly memorable!
The result will be that your people understand what cyber crime to look for and how to reduce the risks. This sort of regular cyber security training programme is as important as CPD courses and anti-bribery training!
Some systems cost from as little as £2–3 per member of staff per month and deliver cyber security training in short, digestible blocks. It should definitely be one of your New Year resolutions.
To find out more about how you can prevent a data breach at your law firm, book a FREE cyber security consultation with us below.