Today’s reality is that law firms are increasingly the targets of cyber attacks. Don’t be misled into thinking that hacking is a problem for just large law firms because small firms and sole practitioners are also at constant risk of hacking invasions. To make matters worse, according to a recent report by LogicForce, an IT security provider, a shocking 40% of law firms have been hacked and they didn’t even know it.
Lawyers and their firms are privy to some of their clients’ most sensitive data, they are repositories for confidential data on personal matters, corporate deals and business strategies and this data must be stored somewhere, so the appeal to hackers is quite clear.
Lawyers and conveyancers are entrusted with a significant amount of sensitive client information and also large quantities of funds in trust, so it’s important that law firm principal’s do all they can to minimise the risk so that client information is not compromised.
Importantly, lawyers also have an ethical, professional and commercial obligation to keep their data and the data of their clients safe, secure and confidential.
It is part of every lawyer’s professional responsibility to keep their client’s data safe. As a lawyer, if you feel that you don’t, or your practice doesn’t, have an adequate understanding of how your data should be secured, or if you are not familiar with the technology or the types of questions you should be asking to gauge whether the data you hold is adequately secured, consider obtaining independent expert help as soon as possible.
More than one in four Australian firms have reported having come under a cyber attack in the last two years as the legal industry faces increasing pressure to improve security around data measures, research from leading companies has revealed. The Australasian Legal Practice Management Association found 27 firms out of 172 surveyed recently, more than 15 per cent, reported a breach from cyber criminals. The survey revealed 87 per cent of firms are concerned about cyber security with more than 80 per cent saying they would invest in more training over the next five years.
So what can expect in 2020 and beyond? The reality that most law firms are not adequately trained, and therefore unable to detect an attack has happened. The other threat that is likely to increase in popularity is blackmail techniques. Much like ransomware that locks data until a fee is paid, blackmail would exfiltrate data and require a ransom be paid in order to prevent the data from being exposed via methods like journalism or generally posting leaked data on the internet.
Hackers find ways around firewalls, passwords, and encryption of all types. Protecting firm and client data should be a top priority for firms of all sizes.
Lawyers need to protect themselves by taking out adequate cyber insurance, implementing safe IT procedures and educating their staff to be cyber safe.