- Legal Futures - https://www.legalfutures.co.uk -

7 immediate steps to make cyber security a key part of your healthy ‘no-blame’ culture

By Legal Futures Associate Access Legal [1]

Whilst human error is the cause of 95% of cyber-attacks / data breaches [2], we all need to recognise that well-informed, well-trained staff are a law firm’s best line of defence against cybercrime. There are so many horror stories doing the rounds that it is understandable that staff are terrified of doing something wrong and causing catastrophic consequences for their employers. It is paramount that firms not only openly encourage their employees to share their concerns and experiences, but that they also reward the right kind of behaviour to develop an open ‘no-blame’ culture. Nurturing a positive culture is clearly going to be key for the success of cyber security policies, and more importantly a key part of the bigger picture for the success of the profession.

We have captured some key take-aways from our recent webinars and panel sessions with law firms on cyber security [3] and its place within a healthy workplace culture. Our top seven take-aways that we believe you will find most useful on this subject are:

  1. Make cyber security a priority

    If it is not, I am sure you know it should be. There is always something more pressing and urgent to take up your time. But no law firm can delay this step a moment longer. We urge you to put cyber security at the forefront of developing your law firm’s digital footprint rather than allowing it to be an after-thought. Enough said.

  2. Think about learning styles to make your cyber security training stick

    You don’t need us to tell you firms must provide quality training for their staff. It’s a no-brainer. But many of the law firms we talk to tell us that there is room for improvement in the way they train their people on cyber security, which of course can be a very dry subject and therefore difficult to engage with. Enabling employees to choose their preferred learning style through multiple training techniques including tests, quizzes, eLearning, games, videos, PDFs and audio stories will move your firm beyond the annual, tick-box training that has become typical for many organisations. If you adopt short, immersive and relevant training that is highly targeted and delivered little and often, the impact of your cyber security policies will increase considerably. If you need help in this area Access Legal [4] have a lot to offer.

  3. Ramp up your communication to staff & join the dots for them

    Again, communication is obvious. It has to become routine with staff. Let them know what’s happening regularly in the cyber security world. Don’t take anything for granted, especially when new cyber risks appear. Use stories and real-life incidents to bring the risks to life at home and work. Keep detailed notes of how you manage any cyber incidents and share as and when relevant. Don’t assume that employees knowing what your security policies are will impact behaviours. Firms must join the dots for their employees, and make it crystal clear what is expected of them. Encourage your people to share their own stories to help build their awareness and confidence in doing the right thing.

  4. Sit down today and consider the risks of taking on new staff & your leavers

    Be rigorous in on-boarding & off-boarding personnel. There are so many risks with both. Give these areas the attention they deserve.

  5. Double check you are making the right back-up choices

    Make sure your back-up procedure is fit for purpose – on site/off site, cloud vs server, high security vs fast recovery. A good practice management supplier will provide excellent advice on these matters.

  6. Ensure your sign off procedures are hyper-diligent

    All the law firm execs we speak to at our cyber security events have put in place senior stakeholder sign-off procedures for sending and releasing funds – typically a minimum of two pairs of eyes for all amounts over £5k or an agreed nominal amount. We do not anticipate there are many firms today that don’t have hyper-diligent processes in place for this, but if you are not 100% comfortable with yours, the time to revisit them is now.

  7. Revisit your position on cyber insurance

    Consider what a specialist cyber insurance policy could offer either by speaking to your insurance broker or a specialist in the industry. Seek recommendations and references.

Cyber Security for Law Firms – in summary

The stark reality is that cyber criminals employ a range of ever-evolving tactics to bypass security controls to target employees and are becoming more sophisticated in their approach to breaking down barriers of entry. However, many law firms are surpassing the level of sophistication we are seeing from today’s cyber criminals by implementing solid cyber policies and procedures. If your firm is interested in a new legal practice management system [5], from a trusted ISO27001 legal software supplier [6], or you would like help with your digital learning and compliance [4] for cyber security, please contact Access Legal [6] today on 0845 345 3300 or online [7].
