Legal firms are well aware of the regulatory, financial and reputational costs that unauthorised access to the sensitive information they hold could cause.
A couple of recent high-profile examples include:
- Duncan Lewis, a UK-based solicitor, that had its customer data broadcasted on Twitter, causing the loss of high profile and high net worth clients.
- DLA Piper, a global law firm, that suffered a ransomware attack that effectively shut down 200,000 computers in 150 countries within 24 hours.
But, in many ways, the statistics are more concerning than the individual stories.
- The National Cyber Security Centre revealed that UK law firms alone have lost £11 million of their clients’ money to cybercrime.
- 59% of companies experienced a third-party data breach, yet only 16% say they are in a position to effectively mitigate third-party risks.
- On average, your business will share confidential and sensitive information with approximately 583 third parties – yet only a third of businesses keep a comprehensive inventory of these third parties or are comfortable with their risk management procedures.
- There are 4,000 cyber-attacks every single day and reports suggest that at least 73 of the top 100 UK law firms and that attacks increasing on all legal practices.
- In the last year, 60% of law firms reported an information security incident – almost a 20% increase from the previous 12 months.
As the American Bar Association puts it, law firms are ‘custodians of highly sensitive information, and therefore an inviting target for hackers. There is a major professional responsibility and liability threat facing the legal profession.’
The main threats to the legal sector
It’s clear that the stakes are incredibly high for legal practices with a duty to protect sensitive client data and significant sums of clients’ money.
But where are the main threats coming?
The top three tactics are:
An attempt to obtain information by sending fraudulent emails to people in your firm.
An attempt to obtain information from third parties by impersonating your firm by sending emails or hosting a fake website.
- Viruses, spyware or malware attacks
Types of malicious software designed to perform damaging operations on your computers.
Increasingly threats are coming from ‘weak links in the chain’ offered by third party suppliers – and, further down the line, suppliers who supply them.
These people are concentrating solely on their jobs, not necessarily on security – how secure are their passwords or the devices they use to access your information?
What can you do?
Partnering with Falanx Cyber offers you the benefit of continuous protective monitoring of your network by the latest tech and a team of UK security cleared analysts.
We can investigate and prioritise threats, and use proactive threat hunting to discover existing threats on your network, including identifying threats from your third-party network.
Here’s what Mike Poole of leading UK divorce and family law practice says:
‘Our IT team are not experts in threat detection or threat mitigation, so when devising our cyber security strategy, it was apparent that we needed experts to come in and manage security rather than handling it internally.
We now have full visibility of what is happening on our networks from a threat detection point of view but the addition of Falanx’ managed service means we do not need in-house resource to watch the dashboards and manage the alerts 24/7’
To find out how we can mange and minimise the increasing risks to your legal and financial data just call 020 7856 9450.
Keeping client data confidential using Managed Detection & Response from Falanx Cyber