Cyber-attacks in the legal sector

We welcome a Cyber Data expert to discuss key areas within the legal sector.

Emma Green oversees driving improvements in, and the implementation of, data protection and cyber security global programs for clients and organisations. Emma has over 20 years of experience in IT, is a senior Data Protection Officer, an award-winning trainer, speaker, co-author of an IBM Redbook and a member of the International Association of Privacy Professionals (IAPP).

Emma has carried out postgraduate studies in Cyber Defence and Information Assurance at the Defence Academy of the United Kingdom and has a Post Graduate Certificate in Data Protection Law and Information Governance (with commendation) from Northumbria University.

Over the past 12 months there has been a spate of highly publicised cyber-attacks hitting firms. Ward Hadaway, the Bar Council and Bar Standards Board, and Tuckers have all been crippled, making firms sit up and take notice.

Types of attacks hitting the legal sector

In the world of cybercrime, law firms' data is a highly valuable, tangible commodity. A survey on all business sectors by Aon insurance demonstrated that professional services attacks make up 25% of all claims. The modus operandi is usually data exfiltration: get in, download the law firm's data, sit and wait, encrypt the systems and threaten to release the downloaded data unless the ransom is paid.

Although larger firms are not immune, smaller firms, which may have lower cyber security maturity, are also being exploited: companies with 1,000 or fewer employees represent 81% of attacks.

Other common attacks originate in conveyancing – the hackers get into your emails and doctor invoices, resulting in payments going to the hackers, not to the intended recipient. This is the subject of a High Court case in relation to a Constable painting: intercepted emails sent between Rijksmuseum Twenthe, in the Netherlands, and a London art dealer led to £2.4m being sent to a bank in Hong Kong, and the case is about who now owns the painting.

We’re ok - we have Sean in IT

There is often an over-reliance on, and blind faith in, your IT department or outsourced provider. Like law, with its many areas of specialism, IT is no different. There is a big difference between Sean helping supply laptops and case management logins and ensuring you have the appropriate security and cyber security in place for your firm. The question is: how can we protect our firm?

It’s a big subject area but here are some basics which can help bolster your defences:

Preventative

  • Enable 2 factor authentication – this means you log in with your password and also have to enter a secondary PIN code generated using an app such as Microsoft Authenticator. Case management systems, LinkedIn etc. all support it; then, should anyone try to log in using your password, you’ll be notified.
  • Back up your data – ensure you have a copy somewhere separate from any cloud systems.
  • Install anti-virus software – ensure auto updates are on; this will reduce the likelihood of viruses getting onto your devices.
  • Software patches – ensure your devices (phones, tablets and laptops) are set to auto update, for example Windows, iOS.
  • Passwords – change default passwords on devices, and use 3 words, avoiding predictable passwords such as password123 or commonly guessable ones such as your kids' names.
  • Training – cyber awareness training for all your staff to ensure they can spot things like phishing, as it’s the MOST common way hackers get into your systems: by someone clicking on a link or downloading something nasty. Phishing can be via emails, texts and someone contacting you by phone; your staff need to spot it.

Reactive

Call us: we at Cyber Data Law can help. Put our number in your phone, ready to have us on speed dial!