Law firms are an ideal target for cyber-criminals thanks to the quantities of valuable commercial information held, such as banking details, client and legal records, and contractual information. Well-funded cyber-criminals invariably use law firms as a gateway to obtain this highly sensitive information.
Typical cyber security challenges in the professional services industry:
- Maintaining client confidentiality.
- Understanding what data is stored and how vulnerable it is.
- Protecting IT infrastructure.
- Achieving compliance with GDPR and avoiding data breaches.
- Meeting the data security and policy requirements of clients.
- Surmounting lack of in-house security skills and resources.
As a provider of professional services, ask yourself:
- How frequently is your IT infrastructure tested for vulnerabilities?
- Are suitable controls in place to defend against targeted attacks?
- Are systems implemented to identify threats that bypass perimeter defences?
- Do staff have sufficient awareness of information security risks?
- How do you detect, remediate and report breaches?
- Are systems and controls implemented to mitigate insider threats?
- Is the personal data of clients appropriately processed and protected?
Law firms and barristers’ chambers must have effective technical and organisational measures in place to ensure that personal data is protected against unauthorised processing, accidental loss and destruction in order to achieve compliance with GDPR and the DPA 2018. Equally important is the need to have appropriate procedures in place to detect and investigate personal data breaches, as well as being able to report breaches within 72 hours to the relevant authority and, in high-risk cases, to affected individuals.
Read next: Keeping client data confidential using Managed Detection & Response from Falanx Cyber.
READ THE FULL CASE STUDY