By Tim Dinsmore, director of Appurity
In an increasingly digitised and dispersed world, the legal sector has become a prime target for cyberattacks. The National Cyber Security Centre (NCSC) on 22 June released its cyber threat report for the UK legal industry, revealing the latest threat statistics and highlighting the urgent need for law firms to strengthen their security defences.
Understanding the threat landscape
The report outlines the main types of cyber attack threatening the legal industry today – from ransomware incidents to phishing and other malware attacks. Smaller firms without dedicated cyber security and IT support are given a special mention. These firms are increasingly vulnerable to attacks and should take note. If your firm is relying on third-parties to secure the systems that hold your critical data, do you know – categorically – that they have adequate data protection and security procedures in place?
The report also warns of the threat of supply chain attacks and intellectual property theft, often by state-sponsored hackers.
What happens when it goes wrong?
The report includes a case study of Tuckers Solicitors LLP, which fell victim to a ransomware attack. The Information Commissioner’s Office (ICO) imposed a fine on the firm, citing inadequate security measures and failures to protect stored personal data. The incident underscores the importance of implementing multi-factor authentication, promptly applying security patches, and adequately safeguarding sensitive information.
Improving your security posture
To strengthen cyber defences, the NCSC recommends obtaining Cyber Essentials accreditation. This certification helps organisations establish a baseline of essential security protections, aligning them with industry best practices. The Cyber Essentials security controls cover a range of areas that firms should assess and strengthen, to ensure their critical data and devices remain secure. This includes: device visibility, asset management procedures, endpoint protection, and BYOD practices.
The current threat landscape is challenging to navigate, and no firm wants to fall victim to a cyberattack. However, by implementing proactive security strategies and measures – as the report recommends – firms can take steps to protect their critical data, remain compliant with regulatory requirements, and ensure their systems are optimised to spot and shut down attacks before they take hold.
For example, law firms should ensure they have the best secure access policies in place. Every IT team should know exactly who is accessing their corporate networks, from where, and on which device. The same goes for application management – it’s not enough to simply accept that your employees might download unauthorised apps on devices which are also used to access work data and systems. Firms need complete visibility: they must know what – if any – risks are posed by applications (for example, by conducting a comprehensive application security assessment), and should be able to quarantine devices remotely if a user is flagged as downloading an app that displays malicious or otherwise unusual behaviour.
This latest NCSC report serves as a wake-up call for the legal sector to strengthen its security defences. With cyber attacks becoming increasingly sophisticated and widespread, law firms must take proactive steps to protect sensitive client information and uphold their legal obligations.
Achieving Cyber Essentials accreditation can significantly enhance a firm’s security posture, mitigating risks associated with ransomware attacks and other common cyber threats. By adopting the recommended measures and partnering with trusted technology providers, firms can effectively strengthen their defences and safeguard their valuable assets.
Appurity specialises in mobile and application security for law firms.
We don’t charge for guest posts, which appear here on merit. To contact us with an idea for a post please contact caroline@legaltechnology.com