WHY TWITTER PROVES THAT A CYBER SECURITY AUDIT IS VITAL
INTRODUCTION
The cyber-attack directed at Twitter on the 15th of July is a stark reminder that data and systems security audits are a vital and regulatory must for all law firms.
Twitter confirmed hackers made use of tools that were supposed to have only been available to its own staff to carry out July’s hack, so this is a further lesson that no one is exempt from a potential cyber-criminal attack, including a tech giant such as Twitter.
Due to the recent Covid-19 crisis and with threats of further lockdowns, remote working is becoming commonplace. Whilst it is not a new concept, the scale on which firms have required their staff to work from home has meant that there are potential weaknesses in software or Internet connections that cybercriminals are taking advantage of. The risks posed by these attacks should be taken seriously.
Whilst it will not be feasible for the vast majority of firms to come anywhere near matching the type of security available to larger corporations such as Twitter, the attack should still be used as a wake-up call for compliance officers or partners wanting to re-examine the security of their own systems: to ensure they have evaluated risk, remain compliant, make all staff aware of the potential cyber-security dangers and then plan ahead for improving defence.
CONSIDERATIONS
A cyber-security audit is one of the most valuable exercises a firm can undertake, and understanding the threats your law firm’s data faces, not just from cyber-criminal attacks, is vital. Below are some of the risks that should be considered when completing an audit:
Malware and hacking attacks – Being aware of external threats is vital to data security. Business technology for law firms is constantly evolving and attackers are resorting to sophisticated techniques to compromise business data security.
Ransomware – Law firms can hold some highly sensitive information and for this reason, this type of malware has gained popularity in recent years. Law firms should be aware of this potential risk to their clients’ data.
Denial of service attacks – The rise of IoT devices saw a dramatic rise in botnets. Denial of service attacks are now more widespread and more dangerous than ever. If your business depends on uninterrupted network service, you should definitely assess the risks associated with loss of service.
Malicious insider threat – One of the biggest threats to a law firm’s data is its own employees or third-party vendors. Data can be easily leaked or misused and unless you have specific monitoring tools in place, it would be hard to detect.
Non-malicious insiders – Another risk group is the careless or uninformed employee, as not all insider attacks are carried out with malicious intent. Data can be leaked unintentionally through errors such as forgetting to lock devices that contain sensitive information, downloading attachments or clicking links from suspicious email addresses, or visiting unauthorised or malicious websites from the firm’s network. This includes remote workers (see next).
Remote-working – The Covid-19 crisis and the obligated lockdown forced firms into a remote working culture that many were not used to. Whilst there are some proven advantages, one of the biggest disadvantages is that remoteness can easily become carelessness in regard to cyber-security. To address this, employees need to be made aware of just how easily information can be obtained and the means by which they can protect themselves and their firms. Most employees will be social media users, so the reality of the recent Twitter hacking should hold relevance when explaining the dangers.
Natural disasters and physical breaches – Whilst this would be a rare occurrence, the consequences of suffering such a threat can be devastating, therefore it should be included in a plan to cover the loss, should it happen.
Once you have assessed the risks associated with possible threats to your law firm’s data you will need to examine any existing security controls already in place, address those that need improving and implement processes that are missing. For example, you could consider measures such as:
- Firewall and anti-virus software
- Anti-spam filter
- Access control – assess privileged users
- User activity monitoring – monitoring tracks activity and can protect against threats
- Employee security training and awareness
- Complete regular data backup
- Server security
- Ensure your firm’s PI insurance includes cyber security cover
OUR REGULATION AND COMPLIANCE SERVICE
At The Strategic Partner (TSP), we have developed a compliance product that addresses each of the key stages of managing a compliant law firm. From implementing policies and IT system reviews, through to file audits and supervision, we work with you to implement a proportionate and sensible approach to compliance.
We also offer an ongoing maintenance programme involving audits and onsite training to ensure that your firm is up to date and always remains compliant. Click here to find out more about our regulation and risk management services.
CYBER SECURITY AND INSURANCE
Whilst a PII policy will provide coverage against negligence claims, an additional cyber security policy would provide protection above and beyond that offered by PI insurance. The Strategic Partner can facilitate an introduction to one of our partners and will work with you to obtain the best price for your Professional Indemnity Insurance with cyber security cover that includes a comprehensive on-site cyber-crime and fraud risk assessment that looks at all of the systems and processes in place across your firm, with a report back on practical solutions to possible weaknesses identified.
Additionally, cyber-crime and fraud prevention training can be tailored to your requirements and delivered at your offices. Our insurer partners can provide you with a bespoke cyber-crime and fraud prevention policy to give everyone in the firm practical advice to pre-empt breaches, as well as a bespoke cyber-attack / fraud incident management plan to help you, in the event of a successful attack, to minimise damage and bring about the best possible result in rectifying it.
Our focus is to allow the owners of law firms to concentrate on the running of their business with the comfort of knowing that TSP are working for them to ensure they remain compliant.
GET IN TOUCH
For more information about how TSP can work with you or to find out about receiving a quotation on PII and Cyber Crime Cover, click here to be taken to our website and product brochure, call us on 020 3911 9710 to talk to one of our advisors, or email us at info@thestrategicpartner.co.uk and we will call you.