Posted by Milad Shojaei, a trainee legal advisor at the Ministry of Justice, and strategy & engagement director at Legal Futures Associate Casedo
The abrupt shift to remote working triggered by the pandemic has underlined significant cybersecurity threats for employers and employees alike.
According global accountancy group HLB’s 2020 Cyber Security Report, over 50% of organisations experienced security breaches and cyber-attacks in 2020. Shockingly, only 42% reported that they were prepared for moving to remote practice, with the majority under threat as a result of Covid.
The City of London Police confirmed that cyber-attacks increased as people worked from home.
To survive the global crisis, many organisations relied on decentralised digital operating systems to survive. Video conferencing tools like Skype and Zoom and collaboration software like Slack have replaced physical interaction.
The digital decentralisation has also increased acceptance of cloud computing and storage. However, despite the positive move to digital working, most were unequipped to face potential cyber-threats.
Cybersecurity platform Tessian revealed in its Securing the future of hybrid working report that 82% of IT leaders believed permanent remote workplaces put their company at greater risk of phishing attacks, with a further 78% convinced that they are at more significant risk of an insider attack.
Moreover, the Cyber security in the remote working era report by Keeper Security also discovered that 37% of respondents did not have a cyber-incident response plan in place. The study also suggested that 44% of organisations have experienced a data breach in 2020.
The recent Cyber Security Breaches Survey 2021 drafted by the Department for Digital, Culture, Media & Sport confirms that Tessian’s cybersecurity concerns are still compelling in early 2021.
The latest qualitative data in the survey suggests that 49% of businesses and 44% of charities reported cyber-attacks happening at least once a month. As the risks of fraud continues to loom large, it is clear that cybersecurity remains a high priority.
Is the legal sector vulnerable to cyber-attacks?
Legal professionals handle confidential data frequently and now that they are working remotely the exposure to threats has escalated.
The transition to remote working has intensified the challenge of protecting proprietary data as organisations and humans often neglect basic security and compliance protocols. Organisations that allowed employees to use their own equipment have inevitably exposed themselves to fundamental security breaches.
Much of the risk lies with inexperienced and overwhelmed employees unfamiliar with remote work, unable to ensure unauthorised access to devices. Keeper Security’s report discovered that compromised or stolen devices caused almost one-third of cyber-attacks. In addition, tech-illiterate workforces are also unaware as to how to respond to cyber-attacks when they occur.
‘Bring your own device’ (BYOD) accompanies a notable lack of visibility of when cyberattacks occur – 78% of remote workers who used their own devices during the lockdown period between March and July 2020 reported that they received phishing emails.
Worse still, 68% claimed that they downloaded attachments from phishing emails they received on their personal devices.
Over half of IT leaders share concerns that employees will connect to public Wi-Fi when working remotely. These apprehensions are not misplaced as 58% of employees admit that they have either considered using public Wi-Fi or have already done so.
Cyber-attackers have also improved significantly. US law enforcement recently discovered that Russian hackers have targeted employees working from home in countless Fortune 500 companies. Reports suggest that malware was utilised on common websites. Privately used PCs were left untouched yet those connected to major corporate or government networks were targeted.
Larry Ponemon, chairman and founder at the Ponemon Institute – a US-based organisation dedicated to privacy, data protection and information security policy – said: “Covid-19 and widespread remote working have provided cybercriminals with a new means to attack businesses with greater levels of intensity and frequency.”
Cloud computing and remote work have been a recipe for disaster. Cybercriminals no longer require sophisticated set-ups, as simple human error is enough to create a devastating consequence. A single misconfigured device can enable a tracker to breach seemingly complex systems, exposing confidential data.
As the world endures new waves and strains of the Covid-19 virus, we can expect more sophisticated threats and issues. Law firms and legal departments should move fast, complying with cybersecurity measures and working diligently to recognise the extent of the problem and the necessity of investment.