Mossack Fonseca of Panama, the legal, trust and accounting firm that fell victim to April’s data breach, offers a perfect storm warning for law firms. As reported in last week’s blog (see link), the legal sector is a highly attractive and potentially susceptible target for the armies of cyber attackers due to the sensitive data held by law firms about their clients.
“All law firms should take the Panama breach as a major wake-up call,” says founder and executive chairman of IT Governance, Alan Calder. “Law firms have notoriously been targets for cyber criminals because of the sensitive information they possess. More recently, the scale and devastation that cyber breaches cause means that law firms need to consider their cyber security posture right now.”
The swift changes in cyber attacks and their shifting focus across market sectors make defending your crown jewels (i.e. your data) ever more critical. Law firms were ranked the seventh highest target for cyber criminals in Cisco’s 2015 Annual Security Report and, in midsummer 2015, Cisco’s 2016 Annual Security Report noted that Professional firms were one of four sectors (Government, Electronics, Professional and Healthcare) most hit by Trojan-related attacks, while the Professional Services vertical was hit with a high number of iFrame attacks. Add to this that the UK’s Information Commissioner’s Office (ICO) investigated 173 law firms two years ago over data protection breaches. It is not a comforting picture. But there are good things that can be done by taking a proactive stance on security.
The ICO acknowledges: ‘There is no “one size fits all” solution to information security, as the security measures that are appropriate for a particular organisation will be different to another.’ However, given the pressures facing the legal sector, companies would be well advised to adopt a risk-based approach to deciding what level of security is required and where – and to ask pertinent security questions of the third-party contractors and suppliers they use.
An ISO 27001 Information Security Management System (ISMS) provides a risk-based approach to data security. When rolled out through the organisation, it can push down through the supply chain to raise standards with third-party contractors and suppliers. Whilst no organisation can be guaranteed to remain 100% free from threat 24×7, a law firm which creates a robust and regularly monitored cyber security posture will be better prepared to fend off a breach, or to respond to one quickly and effectively through tested policy. What this means for the firm’s customers and stakeholders is higher levels of assurance, as well as enabling you to meet growing legal and regulatory data protection obligations.
As with all things technological these days, it’s not just about knowing what’s in your estate to protect; it’s about strategically identifying for the business what you might need to consider adding to your infrastructure to build peace of mind for your Board and customers. That journey will ultimately be better travelled with an expert MSP which has ISO 27001, a passion for data security, a keen eye on cyber security – and one which can not only advise but is able to deliver 24×7.