Cybercrime threat to law firms; How are you protecting data and client information?

12 November 2019

Cybercrime is impacting legal practices globally and locally and presents challenges to how law firms protect their data and client information.

The PwC Annual Law Firm report 2019 found that 76% of Top 100 firms said they were “somewhat concerned” or “extremely concerned” about cybersecurity, ranking it as the second greatest threat to growth behind Brexit.


What type of cyber-attacks are law firms facing?

According to the National Cyber Security Centre’s (NCSC) 2018 report ‘The cyber threat to UK legal sector’, the most significant cyber threats that law firms face are:

  1. Phishing
  2. Data breaches
  3. Ransomware
  4. Supply chain compromise

Why are law firms a prime target?

There are two main reasons why law firms are targeted for cybercrime:

  1. They possess confidential and sensitive client data
  2. They have access to large sums of client money

Data and money are of high value to cyber criminals, so it is no surprise that the legal profession is a prime target. Law firms fall victim to scams, client money theft, fraudulent activity and unauthorised access to client information, which can lead to loss of clients, reputational damage, financial instability and damage to IT infrastructure.

How to minimise the threat of cyber exposure in your law firm

The following advice is from the National Cyber Security Centre and is aimed at protecting businesses and law firms from the most common cyber-attacks.

  1. Back up your data
  • Have regular backups of your important data, and test that they can be restored. This will reduce the inconvenience of any data loss from theft, fire or other physical damage, or ransomware.
  • Consider backing up to the cloud. This means your data is stored in a separate location and you'll be able to access it quickly, from anywhere.
  2. Keep smartphones safe
  • Have a PIN, password or fingerprint lock for mobile devices.
  • Configure devices so that when lost or stolen they can be tracked, remotely wiped or remotely locked.
  • When sending sensitive information or data, don’t connect to public Wi-Fi hotspots; use a 4G connection instead.
  3. Prevent malware damage
  • Use antivirus software on all computers, laptops and smartphones.
  • Apply the latest software updates provided by manufacturers and vendors. Use the ‘automatically update’ option when available.
  • Switch on your firewall to create a buffer zone between your network and the internet.
  4. Avoid phishing attacks
  • Scammers send fake emails asking for sensitive information (such as bank details) or containing links to bad websites.
  • Check for signs, like poor spelling and grammar. Does the sender's email address look legitimate, or is it trying to mimic someone you know?
  5. Use passwords to protect your data
  • Use two-factor authentication (2FA) for important websites like banking and email.
  • Avoid using predictable passwords such as family and pet names.

What to do if you have a cyber attack

The following advice is from the National Cyber Security Centre and is aimed at resolving and recovering from a cyber incident.

How can you resolve the issue as quickly as possible to avoid any significant disruption to your business and the service you are providing to clients?

  1. Identify what is happening

The first step in dealing effectively with an incident involves identifying it. The following may indicate a cyber incident:

  • Computer running slowly
  • Users locked out/unable to access documents
  • Messages demanding ransom
  • Redirected Internet searches
  • Unusual account activity
  2. Resolve the incident
  • These actions will help your organisation get back up and running. You'll also need to check that everything is functioning normally and fix any problems.
  • If your IT is managed externally, contact the right people to help. If you manage your own IT, activate your incident plan.
  3. Report the incident to wider stakeholders
  • You are obligated to report certain incidents to the Information Commissioner's Office (ICO).
  • Inform your regulatory body, the Law Society of Northern Ireland.
  4. Learn from the incident

After the incident, it's important to review what has happened, learn from any mistakes and take action to reduce the likelihood of it happening again.

Law firms will increasingly need to be secure, and be able to assure clients that they are so. This can involve a huge amount of effort. However, given the risks, including reputational damage, law firms of any size need to participate fully in a crisis management exercise at least once each year.

For more information on any of the areas covered above, check out the National Cyber Security Centre website.


Contact Aileen for legal market information in Northern Ireland and Ireland or to discuss your recruitment needs. | 028 9023 5456


MCS Group – Proud Sponsors of the Law Society of Northern Ireland


