Described as the biggest threat to every company in the world, the cost of cybercrime is expected to reach $6 trillion in 2021 – up from $3 trillion in 2015. Cybersecurity Ventures describes this as “the greatest transfer of economic wealth in history”.
Legal service providers, in particular, have cause for concern. They’re an attractive target to cybercriminals. Not only do they hold an immense amount of valuable data – ranging from IP through to bank account details – but legal professionals are known to be soft targets.
Take the NotPeyta malware attack that crippled DLA Piper’s global system in 2017 for instance. Legal cybersecurity was thrown into the spotlight. The finding: the legal profession is coming up lacking.
“Before-The-Event” Cyber Risk Management Steps
Robert Mueller stated in 2012 “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”
Given the legal obligation to keep client information confidential and the increasingly stringent legislative data protection requirements being enacted globally, the emerging mantra of “when, not if” gives cause for concern.
In the first 8 months of the European GDPR, more than 59.000 data breaches were reported in Europe. The Netherlands, Germany and the UK were hit the hardest by breaches – with the 3 countries making about 75% of those reports. It is apparent that legal service providers need robust firmwide policies alongside technological solutions that tackle cybersecurity risk from multiple angles to mitigate their risk.
Technological solutions play a major
role in legal cybersecurity
Technology certainly has an important role to play in any
robust cybersecurity risk management strategy. The 2019
Robert Half Legal report asserts that more than 75% of
law firms plan to increase spending on cybersecurity in
the next 12 months.
But simply beefing up your own security measures is no longer enough. Increasing reliance on cloud-based Software as a Service (SaaS) solutions means legal professionals must ensure their software providers are equipped to keep client and user information safe.
AdaptingLegal, for instance, provides a real-time
encrypted communication channel between client
and legal service providers to ensure third parties
can’t tamper with or eavesdrop on communications.
These measures go a long way towards protecting your
business.
Your staff are your biggest cybersecurity
risk
Nonetheless, good cybersecurity can’t just be purchased
and installed. The people in your organisation unwittingly
present a huge risk to your cybersecurity.
In 2017, two law firms in Australia sent millions of dollars to hackers following a sophisticated email scam attributed to social engineering – a type of cybercrime that involves psychological manipulation. A law firm in Dublin fell victim to a similar cyber attack earlier in 2019. Investing in education for your staff is crucial if you want your business to survive the onslaught of cyber attacks that will no doubt continue into the future.
Managing the Aftermath: Crisis
Management and Business Continuity
Plans
If (or when) you fall victim to a cyberattack, you need to
know what to do. This requires careful consideration of
Business continuity
Following the NotPeyta attacks, DLA Piper spoke out about their costly mistakes and foreshadowed their future plans. Beyond segregating their network, their next priority was to move to a cloud-based system.
Why? Because it took them four days to recover company email. Moving to a cloud-based system for core services, like client communication, provides a failover in cases like the DLA wiperware attack.
Regaining access to these crucial documents and communications following an attack will mitigate potential losses. Many noted the millions in lost revenue DLA Piper would have sustained in the days and weeks of lost productivity following NotPeyta.
Cyberattacks show no sign of slowing
Cybersecurity is likely to remain as one of the foremost concerns within the legal industry for years to come. If you aren’t making moves to the cloud or investing in your technology and your staff, you’re making yourself an easy target for increasingly sophisticated cyber attacks. AdaptingLegal is a secure, cloud-based SaaS that provides encrypted client communications at file level, amongst other things. Get in touch today to see how Adapting Legal can benefit your business.