Cyber security: 46% of UK law firms had security leaks caused by staff – 3 steps to protect your firm.

PWCs 2018 survey of the UK law firms1 is great reading – 89% of UK law firms saw income growth in 2018 (Note: This trend has continued post 2018).

However cyber security is a pressing issue – 60% of firms suffered a security incident, and nearly half of all law firms had a human error incident – where their own staff caused the issue.cyber security train
Commenting on the report, Kingsley Hayes’s at Hayes Connor Solicitors said “One of our recent cases was against a firm responsible for a data breach involving one of its solicitors leaving our client’s sensitive medical records and other confidential information on a train. Our client suffered significant mental health issues following the breach which led to a demotion at work.”

Key risks that are also relatively easy to protect against are:

1) Accidental disclosure of information (e.g. email to the wrong person)
– Mail software that checks recipients and content, and warn if either don’t look right. Safesend2 is a good option for firms with IT support, for smaller firms make sure mail tips is turned on, and use ‘deferred sending‘ to let you ‘undo’ sends.
– Use a service like safedrop to send sensitive documents – these can then be revoked if needed.
2) Phishing attacks (where your team click on a dangerous email or open an attachment with a virus)
– Training is important here. Companies like IT Governance4 can setup training for your team. If budgets are tight use Barclays free security webinars and have a quiz afterwards! 3.
– Secure file receiving software like our own safedrop inbox gives your people a safe way to receive electronic documents.
3) Sensitive information being lost or left on the bus/taxi/plane.
– This is actually the hardest one. Moving to a paperless office helps a lot for cyber security, but many of us are resistant to electronic documents. If you use paper, consider applying watermarks to all sensitive documents. A good watermark will make the document handler think harder as her name is all over it. Also add contact details to the watermark so a finder can return it.

Further reading & Links

(1) Transcript – 2018 Law Firms Survey overview David Snell – PWC Law Firms Survey

(2) safesendsoftware.com – great for firms with an IT team – they can automatically flag up emails based on recipients, or email content

(3) https://labs.uk.barclays/cyber-security-awareness – free webinar on cyber security. Show this to your team, then quiz them

(4) itgovernance.co.uk – provide cyber security training.