Between October 2014 and April 2016, some £85,000,000 was stolen from law firms. The SRA reported that in 2015 there were 726 reports of bogus law firms or individuals. Overall, 63% of data breaches come from internal sources, as a result of lack of control, errors, or fraud. This is perhaps the most troubling number of all, as it could and should be significantly mitigated with relative ease from within firms (read more below).
The Law Society has reported that organised gangs are attracted by the large sums of money moved in and around firms.
The FBI has stated that cyber criminals consider law firms to be a “back door” to the valuable data of their clients.
And GCHQ has commented that if you openly demonstrate weaknesses in your approach to cyber security by failing to do the basics, you will experience some form of cyber attack.
Having a firewall or other electronic measures alone does not make a firm immune from cyber crime, especially when we consider the above '63%' statistic. Most firms conduct training with their new staff, but technology has moved on so much in just the past 5 years (since the dawn of iPads/tablets, for instance). Can all firms honestly say that they have kept their plans, policies and staff training up to date accordingly?
Every firm's risk profile is unique. Effective plans, policies and staff training/supervision are the cornerstone for shielding firms from attack. Devised and deployed effectively, and tailored to your firm, these assets and activities drive and monitor your protection against cyber crime, including the specification and governance of any electronic defences.
Low cost and robust: PDA Legal starts by auditing firms' (cyber) risk profiles and then supports the development and implementation of protective measures, which will almost certainly commence with drafting and deploying effective plans, policies and training. Our methodology (which includes consideration of the Cyber Essentials checks) empowers firms with information that supports them to make proactive decisions as to how to achieve robust, tailored defences.
E-PACT: PDA Legal has summarised its perspective of cyber risk assessment and action-planning into a five-point check to measure and mitigate the impact of cyber crime on law firms:
- Endpoints and end-users
- Patches (including updates) policies (and their strict enforcement)
- Access controls
- Cyber Essentials
We would be pleased to hear from any firm that would like to discuss its cyber crime risk profile. Get in touch with us via the details at the bottom of this page.
Bob Partridge from PDA Legal was one of the keynote speakers at Salford University's Defending Law Firms From Cyber Attack conference on 10 May 2016. Bob delivered a compelling evidence-based session designed to encourage law firms to carefully examine their own processes and means of protection from cyber crime.
You can download a summary version of Bob's presentation for free, by clicking;