Cyber awareness training for law firm staff must act as a first line of defence, according to a business continuity and disaster recovery service provider. The comment follows a recent professional indemnity insurance (PII) survey from the Law Society, which found that a quarter of law firms in England and Wales were targeted by scammers in the last year; spam emails and phishing attempts were by far the most common.
Peter Groucutt, managing director of Databarracks, says: “It’s unsurprising to hear that the legal sector is vulnerable to online attacks. The fast-paced nature of the industry combined with the high volume of email traffic means that it only takes one person to open an unsolicited email and attachment to compromise an entire organisation.
“The Law Society is right to highlight this growing threat and also encourage firms to review risk management practices, but importantly, senior management teams within these firms shouldn’t make the mistake of assuming that this is solely a technology issue that needs to be addressed. For any organisation, the first line of defence against cyber threats starts with your staff and this must be supported with effective cyber awareness training. In practice, make sure that your team is able to identify potential phishing emails as well as the recommended procedures to follow in the case of a breach or infection. This can help to get incidents under control quickly, reducing the amount of damage caused. For smaller practices, which typically might not have the necessary infrastructure or personnel in place, schemes such as the government’s Cyber Essentials Scheme (CES) provide advice and guidance for those looking to take their first steps into cyber-security and also support those who are simply looking to improve existing processes.
“A lot of IT departments handle incidents in the background with only key senior individuals being informed, but if threats aren’t communicated internally to employees then how will they understand the dangers facing the business? Because of this, an effective line of dialogue between the IT department and the rest of the business is needed. This not only serves to alert an entire organisation to threats, but allows the IT team to understand whether security processes are too restrictive or unintuitive, hindering the staff’s ability to do their jobs competently. Asking these questions to the right people will go a long way to improving adherence to IT security practices.
“Additionally, this needs to be supported with effective backup capabilities. The fallible nature of people means that in the event of an incident an organisation needs to know that its data can be retrieved, but often this is hindered by the technology in place and also how thinly the IT teams are spread. A firm’s IT team might have priorities elsewhere, for example handling hardware upgrades or managing new software installations. Because of this, backup can become an afterthought and often this is where a firm’s downfall can lie. You need to ensure backup works for you when you need it to, and because of this it needs to be managed, monitored and tested regularly.”
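The closing point, that a backup only counts if it is monitored and tested, is the kind of check that is easy to automate. The script below is an added example and is not code from the article or from Databarracks: it takes a backup of a constructed directory with a SHA-256 manifest, performs a trial restore into a scratch location, and reports files that are missing or no longer match their recorded hash, as well as whether the backup is older than an assumed 24-hour recovery point. The directory names, file contents, timestamps and the 24-hour limit are all constructed for the example.

```python
"""Backup restore verification (added example): back up a directory with a
hash manifest, restore it to a scratch location, and flag missing or altered
files and a backup that is older than the agreed recovery point.
Paths, sample files, timestamps and the 24-hour limit are constructed."""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path
from typing import Dict, Optional, Tuple

MANIFEST = "manifest.json"
MAX_AGE_SECONDS = 24 * 3600  # assumed recovery point objective for this example


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_backup(src: Path, dest: Path, now: Optional[float] = None) -> Dict:
    """Copy every file under src into dest and record a manifest of hashes."""
    dest.mkdir(parents=True, exist_ok=True)
    entries = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            entries[rel] = sha256_of(p)  # hash the live file, not the copy
    manifest = {"created_at": now if now is not None else time.time(),
                "files": entries}
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(backup: Path, restore_to: Path,
                   now: Optional[float] = None) -> Dict:
    """Restore the backup into restore_to and compare each file to the manifest.

    Returns a report: ok, missing files, corrupted files, and a stale flag
    that is set when the backup is older than MAX_AGE_SECONDS."""
    manifest = json.loads((backup / MANIFEST).read_text())
    now = now if now is not None else time.time()
    missing, corrupted = [], []
    for rel, expected in manifest["files"].items():
        stored = backup / rel
        if not stored.exists():
            missing.append(rel)
            continue
        target = restore_to / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(stored, target)
        if sha256_of(target) != expected:  # hash the RESTORED copy
            corrupted.append(rel)
    stale = (now - manifest["created_at"]) > MAX_AGE_SECONDS
    return {"ok": not (missing or corrupted or stale),
            "missing": missing, "corrupted": corrupted, "stale": stale}


def demo() -> Tuple[Dict, Dict, Dict]:
    """Three checks over constructed data: healthy, silently altered, stale."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live"
        (live / "matters").mkdir(parents=True)
        (live / "matters" / "client-a.txt").write_text("contract draft v3\n")
        (live / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        t0 = 1_700_000_000.0  # constructed backup time
        take_backup(live, root / "backup", now=t0)
        healthy = verify_restore(root / "backup", root / "restore1", now=t0 + 3600)
        # Simulate bit-rot or tampering inside the backup store itself.
        (root / "backup" / "ledger.csv").write_text("date,amount\n2024-01-01,999\n")
        damaged = verify_restore(root / "backup", root / "restore2", now=t0 + 3600)
        # Same backup checked two days later: past the recovery point.
        stale = verify_restore(root / "backup", root / "restore3",
                               now=t0 + 2 * MAX_AGE_SECONDS)
        return healthy, damaged, stale


if __name__ == "__main__":
    for label, report in zip(("healthy", "damaged", "stale"), demo()):
        print(label, report)
```

Run on a schedule, the useful part is the restore step rather than the hash alone: a backup whose files exist but cannot be copied back, or whose manifest no longer matches, is exactly the "afterthought" failure the quote warns about, and the stale flag turns a backup job that silently stopped running into an alert.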