Why Legal Firms are “Holy Grail” targets, for Cyber Criminals…

Attacks on large companies hit the headlines daily, but as a Legal Practice your risk is higher

Criminals make the same Risk decisions we do – they can’t always measure the potential reward of their crime, but they can strive to lower their risks and maximize revenue.

Traditional crime (such as breaking into your law practice with a crowbar in the middle of the night) requires lots of effort, is risky and carries higher potential punishment (for rewards such as petty cash and used PC’s).
Cyber Crime is low effort, hard to detect, currently has lower punishments and vastly multiplies their reward. Cyber Crime is a numbers game – and it’s not in your favour….

Legal Practices are “Holy Grail” victims, for the new breed of Cyber Criminal because you:

  • Have client databases, valuable IP and financial information for multiple people
  • Have large value client transactions (property, acquisitions, mergers etc).
  • Need to safeguard your reputation – especially for protecting clients’ confidential information
  • Might have direct access to your clients’ bank accounts
  • Probably have weak defences (in comparison to their reward if successful).

Criminals have always tried to find the easiest marks with the richest rewardsyou have:

  • High potential for successful Ransomware extortion (data reliance, reputational damage).
  • High reward for successful man in the middle attacks (intercepting client funds)
  • Financial data with high value, that can be sold on the Dark Web for secondary profit.

There’s also the bonus potential further future revenue, by exploiting your trusted advisor status (and systems), to deliver malicious software to your clients (the ultimate criminal pyramid scheme).

Is your risk increasing and what can you lose?
YES
– Whilst traditional crime is generally decreasing, Cyber Crime risk is increasing…Your money, your information, your reputation, your IT equipment and your IT based services are all at risk. Whether you manage your own systems and devices, or rely on third-party hosted systems (i.e. ‘in the cloud’), your risk is real, constant and growing….

Protecting Yourself & Your Clients:
Managing Cyber Risk is a business AND personal decision – you may be worried about making the right choices. However, even though your risks are increasing, reducing them has never been easier!

So what can you do about cyber security?

1) Find and Fix key risks ASAP (then make sure they don’t come back)  There are many tools that can help, here’s one that’s FREE – Risk Assessment Auditing Tool
(it includes compliance checks to help achieve Cyber Essentials)

 2) Make sure you have your “Cyber Essentials” covered…
An easy way to check this is to investigate the UK Governments “Cyber Essentials Scheme” It contains practical, Government backed advice, from globally recognised cyber experts (including GCHQ / CESG).
Implementing Cyber Essentials can reduce your chances of a successful attack – by up to 80%.

 The information from Cyber Essentials is FREE and lets you:

  • understand the real implications and consequences of a cyber-attack.
  • get the inside track from GCHQ on protecting yourself
  • learn how you can dramatically reduce your chances of becoming a victim.

3) Check where your Service Providers are storing your data and how they are protecting it.
Ask the same questions of your service provider, as you would with your own in house team. They ARE your own systems and it is your data, even in the cloud! (Even with a hosted service, the data risks / legal responsibilities, remain yours)

4) Take SOME action, ANY action is better than no action
Some “Essentials” reduce risk – e.g. hardening your systems against attack
Some help protect you if things go wrong – e.g. making offline backups.
Consistent small actions over a period of time (Kaizen) will all add up to reduce your risk….

Useful Links & Further Reading:
A Cyber Guide for Small Business
14 Pages of policies and practices to Fast-Track your understanding and make Cyber Simple.
(UK Government)
(https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412017/BIS-15-147-small-businesses-cyber-guide-March-2015.pdf)

Cyber Essentials (https://www.cyberstreetwise.com/cyberessentials/)
Government-backed walk-through on protecting yourself against cyber threats (+accreditation options)