By Legal Futures’ Associates DPS Software
The professional reputation of any law firm plays a critical role in its continued success. A strong reputation attracts people, clients and long-term relationships. But reputations can be fragile. As Warren Buffett said: “It takes 20 years to build a reputation and 5 minutes to ruin it.” With law firms handling the most sensitive, and therefore often most valuable, data and information on behalf of clients, they continue to be one of the biggest targets for cyber criminals.
Some of the most embarrassing and high-profile recent attacks have involved law firms. The UK’s National Cyber Security Centre reported late in 2019 that there had been a significant 42% increase in reported incidents in law firms over the last 5 years. But what can be done?
Your employees are your strongest defence against data breaches and cyber-attacks
In their cyber security review published in September 2020, the SRA highlighted: “Effective cybersecurity is not just a technological issue, or simply about having the latest security software in place. In fact, the biggest vulnerability – and also potentially best defence – most companies will have regarding cybercrime lies in the day-to-day practices and awareness of their people.”
Our own human error – the unwitting mistakes we all make, whether we’re in the boardroom or on the frontline, during our busy working lives – enables 90% of all successful cyber-attacks. The stark reality is that cyber criminals employ a range of different tactics and typically find it relatively easy to bypass security controls to target employees. The approach is simple; the potential impact can be catastrophic.
What can you do to change employee behaviours?
If we are serious about wanting to change employee behaviours to ensure they protect your hard-won market reputations, we need to think differently. Having worked with numerous organisations to help them develop strong security engagement with their employees, I’ve learnt some essential points:
- Don’t rely on the ‘tick-box’ tedium of annual training sessions.
- Do make your training personal and relevant.
- Don’t assume that employees knowing what your security policies are will impact behaviours.
- Do make training short with simple, easy to use advice.
- Don’t rely on tired, overused training content.
- Do encourage your employees to share their experiences and develop a no-blame culture.
There are some simple, cost-effective things law firms can do to strengthen their human cyber defences. Warren Buffett’s full quote is: “It takes 20 years to build a reputation and 5 minutes to ruin it. If you think about that you’ll do things differently.”
We would like to share with you some ideas for what you can do differently to strengthen your human cyber defences in a series of Access Group law firm webinars – the first is being held on Thursday, 21st January starting at 12.30pm.