This week we hosted an insightful panel discussion titled “Attacks, Hacks, and Cyber-Risks”, focusing on the impact of cyber security on law firms. The panel included Chris Roberts from Cybata, Gary Horswell and Colin Fox from Ntegrity insurance brokers, and Rachael Eyre, a data protection practitioner.
The recording can be accessed here.
Here are the key takeaways from the discussion:
1. The Current Cyber Risk Landscape
Chris Roberts highlighted that cyber-attacks are increasingly common and sophisticated, targeting law firms for their sensitive data. Common threats include data breaches and electronic fraud, driven largely by financial motives. The lack of digital literacy among many professionals exacerbates these risks. However, simple, cost-effective measures can significantly reduce vulnerability.
Training tools such as Bob’s Business and KnowBe4 can help increase cyber-security awareness and a vigilance culture.
Action Point for Law Firms:
Invest in basic cyber security measures and ensure continuous education for staff on digital threats. “The house with the visible burglar alarm is less likely to be targeted than the house next door without”.
2. The Importance of Supply Chain Security
Rachael Eyre emphasised the critical role of securing the legal supply chain. Law firms often work with various third parties, including IT providers, estate agents and barristers, who may not have robust cyber security measures. She recommended identifying which parties are data controllers/processors, conducting thorough checks and having clear agreements with all third parties to ensure data protection.
Action Point for Law Firms:
Implement data processing agreements and conduct regular audits of third-party security measures.
3. Regulatory Compliance and Reporting
Law firms have a professional duty to keep client information confidential and secure, safeguard client assets, and have robust systems in place. Rachael noted that breaches of client data may need to be reported to both the SRA and the ICO, depending on the nature, extent and seriousness of the breach.
Action Point for Law Firms:
Establish protocols for breach detection, reporting, and compliance with both SRA and ICO guidelines.
4. The Role of Cyber Insurance
Colin Fox discussed the importance of cyber insurance, which offers coverage beyond typical professional indemnity policies – not least the law firm’s own losses arising out of an attack. Cyber insurance policies also often include 24/7 incident response services, forensics, PR consultants, and ransomware negotiators.
Action Point for Law Firms:
Consider obtaining a standalone cyber insurance policy to ensure comprehensive coverage and access to critical incident response services.
5. Future Threats: The Impact of AI
AI poses both a challenge and an opportunity in the cyber security landscape. Chris Roberts pointed out that AI can lower the barrier to entry for cyber criminals but also enhance defensive measures.
Action Point for Law Firms:
Stay informed about AI developments and incorporate advanced anti-fraud measures that leverage AI technology.
6. Practical Tips and Best Practices
The panelists shared practical steps for law firms to enhance their cyber security:
- Conduct regular staff training on recognising phishing attacks.
- Implement multi-factor authentication (MFA) and educate staff on its proper use.
- Regularly update and patch systems to close vulnerabilities.
- Use the ICO’s breach reporting tool to assess and document potential data breaches.
For invitations to future live events, subscribe to our newsletter at www.jonathonbray.com
