From trade secrets and intellectual property to details on wealth, income and finances, lawyers have access to a wealth of confidential information about their clients and business dealings. Ideally, a law firm must have a sophisticated cybersecurity strategy in place to safeguard all these coveted data. For many law firms, however – whether due to financial limitations or a simple failure to declare cybersecurity a priority – this kind of strategy is still beyond reach.
To the average person, the files on a lawyer’s laptop are little more than a collection of dull documents. When an overabundance of important information is shielded with inadequate cybersecurity, it should come as no surprise to discover that law firms are considered an alluring one-stop shop for hackers and cybercriminals eager to steal data to which they should have no access at all..
Indeed, the threats to the security of data managed in computers, networks and cloud services are still on the rise, posing a genuine challenge to lawyers and their firms. According to the 2021 Legal Technology Survey Report by the American Bar Association, one-quarter of respondents reported that their law firm had been breached at some point.
Why does cybersecurity matter more to law firms now than ever before?
With large volumes of cases to manage, lawyers cannot afford to devote time to worrying about data security, the efficacy of firewalls, the threat of malware, or the strength of their passwords. But law firms might be attractive, prime targets for cyber criminals actively seeking to profit from lucrative yet vulnerable businesses.
The Solicitors Regulation Authority (SRA) recently visited 40 practices where thematic reviews of cybersecurity measures were performed and led to staggering statistics on law firms’ exposure to cybercrime.
- 3 out 4 law firms visited reported having been the victims of a cyber attack
- 23 of the law firms directly targeted had more than £ 4m in client funds stolen
- 1 law firm in 2 was found to have granted unrestricted use of external data-storage media
- 1 law firm in 4 does not encrypt its laptops
Lawyers are indeed specialised in their respective fields, but this does not necessarily include specialisation in security. Given the recent rise in cyber attacks targeting law firms, however, lawyers can scarcely overlook the importance of cybersecurity. The situation is all the more serious as it grows increasingly challenging to protect businesses from cyber attacks perpetrated by criminals with rapidly advancing penetration capabilities.
Practically overnight, the coronavirus pandemic forced lawyers to begin working from home. This shift brought with it all the added cyber challenges, including a deluge of covid-related scams. A few law firms, particularly those with high-quality software for practice management in place, were better prepared than others for the onslaught. Overall, though, most law firms seem to have found the transition to be relatively straightforward. Law firms backed up by technology must have been relieved to have employees work from home while continuing to provide services to clients. Still, the serious and urgent need to take into account the cyber threats they faced was difficult to ignore.
Many law firms now have in place the level of cybersecurity required for solicitors to be able to practice law safely whilst working from home. Given the confidential nature of the data in the hands of law firms, and given the flexible, hybrid working models that are now here to stay, lawyers must always be on alert for cyber threats – more than ever before!