*This article is due to be published in the July edition of the Birmingham Law Society magazine.
In recent years, there has been an increased demand for remote working in the legal industry. Although law firms are known for long hours in the office and a need for frequent face-to-face meetings, there has still been a desire to adapt to modern-day working practices. However, prior to the pandemic, many firms were reluctant to implement widespread remote working strategies. This was largely due to the cultural and technological implications of a home working transition. Nevertheless, when the government announced lockdown plans back in March, law firms were forced to quickly overcome these home working obstacles. Ready or not, they were faced with a sudden remote working test run.
In a rush to maintain ‘business as usual’ during lockdown, many firms focussed on maintaining user connectivity. However, effective remote working depends not only on having access to company resources but also on ensuring that critical data, systems and the corporate network are fortified against advanced cyber-threats. While many legal firms have been able to successfully telecommute during the pandemic, there is a concern that security measures to protect client data are lacking.
Are you confident that your remote users are secure?
Outdated security infrastructures simply cannot accommodate remote working. For instance, employees who are accustomed to office-based working will no longer be protected by network-based security measures. When robust onsite security controls are traded for unprotected home WiFi, corporate devices are exposed to Internet threats which cannot be detected or blocked by the onsite firewall.
Although digital transformation plans will always introduce some element of cyber-risk, before the pandemic, law firms had the luxury of taking time to carefully consider the implications of new working practices. However, due to the scale and speed of this change, many legal firms have unknowingly introduced critical vulnerabilities into their systems. Unfortunately, hackers are aware of this sudden spike in lax security measures and are keen to exploit them.
The Covid19 threat landscape
As data controllers, legal firms process and store large volumes of confidential client data. This commercially sensitive information makes them an attractive target for malicious attacks. It can be used to pressure firms into paying large ransoms or sold on the dark web. Unsurprisingly, cyber-breaches can have an irreparable impact on legal firms. They can not only damage reputation and client relationships but also lead to loss of revenue and critical data.
A recent study conducted by BlueVoyant discovered that legal firms face thousands of daily cyber-threats. Admittedly, there has always been a high volume of attacks targeting the legal industry. However, as the pandemic has forced these targeted companies into widespread remote working, cybercriminals are eager to exploit firms while their guard is down.
These bad actors are using sophisticated, multi-faceted methods in order to exploit network vulnerabilities. Earlier this year, cybercriminals launched a devastating ransomware attack on the law firm Grubman Shire Meiselas & Sacks. The hacking group stole 756 gigabytes of sensitive data which included emails, contracts, nondisclosure agreements, phone numbers and email addresses. They then threatened to release sensitive client information into the public domain unless they received a ransom of £35 million.
As this influx of advanced threats continues to rise, more and more firms will fall victim to data breaches. Unfortunately, this rise in targeted attacks during lockdown is compounded by the lack of security controls in place to protect remote users. A remote working strategy should not be implemented as a short-term solution. In order to safeguard client data, it is important to develop a ‘bullet-proof’ security strategy which minimises the risks of this new way of working. As lockdown begins to lift across the globe, law firms need to act swiftly in order to remain cyber resilient. This should involve eliminating security gaps, increasing user visibility, deploying advanced security solutions and proactively identifying critical vulnerabilities.
On the 8th July at 11:00am, Equilibrium Security Services and Birmingham Law Society are hosting an informative webinar which will explore the risks of remote working during the Covid19 crisis and beyond. This virtual event will address the cyber security pain points which are keeping IT managers up at night, the common security weaknesses which are putting firms at risk of attack, and how legal firms can strengthen their overall security posture.
*As a follow-up to this session, we will provide a complimentary ‘Security Review’ for all attendees. Our security experts will provide up to 4 hours of free consultancy to conduct a gap analysis of systems, policies and security controls. This will help to identify weaknesses in your security armour which could be exposing your business to cyber-threats.