Times have changed and continue to change rapidly, so law firms can’t afford to rest on their laurels. However, after reading an article* from one of the most prominent names in the legal sector, Monty Raphael QC, it appears they might have been doing just that when it comes to securing the information they hold.
Law firms have been warned: in 2011 the FBI cautioned 200 of the largest law firms in the US, letting them know that they are a major target for hackers. If that wasn’t enough, all the data breaches that have recently been in the news should get the message across to law firms around the world. The most prominent has to be the recent Mossack Fonseca breach, which saw the leak of contracts, emails, transcripts, scanned documents and much more. It is a leak which could easily have been avoided if they had just kept their computers up to date. The increase in breaches, together with the EU GDPR coming into play in 2018, will hopefully get law firms to take cyber security more seriously.
It isn’t just financial costs that firms should worry about, as Monty’s article outlined:
Regulatory – Where SRA principles have been breached, a regulated person may have to pay a penalty or be disqualified from acting as a Head of Legal Practice or Head of Finance and Administration, or from being a manager or employee.
Loss of trade – This depends on the damage done by the breach; for example, client contact details could have been deleted from the firm’s database.
Litigation risk – Reporting data breaches to those affected will take time.
Reputational – Once you have reported a data breach, your reputation will be affected and it may be harder to get new business.
What can be done to protect clients’ data? The majority of breaches are the result of phishing or social engineering attacks aimed at employees, so training staff about the different threats out there would be a step in the right direction. On top of better training, firms should look at having their own cyber security team or expert, or at least bring in external security experts for security health checks. Cybercrime is no longer a future threat; it is a current threat, so law firms need to act now.