Law firms have had £11 million of client money stolen from them by hackers according to the UK’s National Cyber Security Centre, which has caused alarm bells to ring up and down the country.
Unfortunately, it is hardly any longer a case of “if” but “when” a breach happens, making it imperative that law firms and small businesses radically change their approach to security.
Although law firms have cyber security high on their list of concerns, IT resources are often limited and dependent on outsourcing. With a vast array of compliance and system-management matters to deal with, cyber-security expertise can be in short supply.
Whatever their IT set-up, law firms need to change their mindset to defend themselves against the growing sophistication of cyber-attacks. They must shift from defending themselves against predictable external attacks to adopting fail-safe solutions that identify more sophisticated attacks as rapidly and as accurately as possible. Instead of placing their faith in easily-breached perimeter defences they must acquire the capability to shut down an attack before any damage is inflicted.
Human error is a common problem
Most cyber-attacks begin through a security slip-up by an employee. When thousands of emails are exchanged every day, it is almost inevitable that a member of staff will click on a link that triggers the download of a new malware variant that antivirus (AV) software cannot identify and which may go undetected for months.
While the malware is hiding in the system it will be siphoning off highly confidential data, stealing cash or waiting to use the firm’s servers as a backdoor into the systems of important clients.
Although email filters will eliminate most phishing attacks, many still get through. Filters are also largely ineffectual against spear-phishing that targets a specific individual with cunningly crafted emails, using data to create a personalised lure.
What are the vulnerabilities in legal IT?
The majority of mid-sized law firms still rely on conventional on-premises data storage – using servers in their own offices. As business has evolved it has become necessary to access data from anywhere, and the combination of self-hosted servers and remote access increases vulnerability. When a firm hosts its own servers, it must update, patch and secure them, while at the same time they must of necessity be accessible from the internet by many of the firm’s employees.
Law firms also use third-party software for their customer management. Being hosted on their own servers, this may well open up further holes in security.
The alternative is to move entirely to cloud-based data-storage, enjoying all the enormous benefits of scalability, flexibility and lower overheads. Yet this is no trivial question for law firms, since security is a paramount consideration. A single breach can be sufficient to inflict catastrophic damage on a practice’s reputation. These understandable security fears are why law firms often ban staff from using cloud-based applications such as Dropbox.
Security among cloud-service providers is by no means certain, either. Security breaches can be caused by malign cloud employees who place unauthorised software on a server or by those who simply fail to follow protocols.
More effective solutions should now be adopted by the legal sector
To provide themselves with protection against today’s threats, law firms need to adopt far more effective technology and institute better training for their staff.
Law firms now need to escape from the conservative reliance on out-dated perimeter defences and deploy more advanced solutions. These will defend their servers from unauthorised intrusions or security lapses, whether in the cloud or on-premises.
CyberHive’s solution has a more secure foundation, harnessing the power and integrity of cryptographic chips on the motherboards of every server. Our patented technology checks the status of servers every few seconds, monitoring their security using a combination of hardware-based cryptography and distributed whitelisting technology. This protects servers from all unauthorised activity and malware in a way that traditional solutions are simply unable to match.
Because hardware serves as the root of trust for our servers, that foundation is virtually impervious to hacking, and the solution built upon it can consequently help to ensure that no person or organisation can tamper with servers, falsify verification data or bypass server security.
The legal sector needs to defend itself against the potentially catastrophic effects of breaches by deploying solutions capable of countering all the threats cyber criminals devise.
Find out more information from our team by contacting us at [email protected].