Posted by Aaron Naisbitt, head of sales at Legal Futures Associate Converge TS
In an era when half of UK firms holding personal data were hit by a cyber breach or attack in the past year, the general public are becoming increasingly aware of where their data is stored and how it’s being protected.
The impact of more informed media coverage
A few short years ago, many wouldn’t have been able to define ‘cloud technology’ or have known what a ‘ransomware attack’ is, but that has changed. Widespread coverage of these issues is growing, and scrutiny of targeted firms is intensifying.
In years gone by, a hack or data breach would often have been reported as an unfortunate accident, or the consequences of an individual’s mistake. There would be a general suggestion that the company in question would need to ‘review security’ to prevent the same happening again.
But rather than simply reporting a breach, the mainstream media is now much more likely to question why it has occurred. Has the company put the proper security measures in place? And if not, where exactly did it go wrong?
Digging to find a cause
Journalists seek to find a reason because, of course, it makes a more interesting story. This can be particularly embarrassing for law firms practising in the area of cybersecurity and data protection, especially when they have failed to follow their own advice.
Following recent security breaches, we’ve seen both Deloitte and JPMorgan Chase criticised for failing to implement Two Factor Authentication, DLA Piper questioned over its disaster recovery planning and hundreds of businesses and public sector organisations ridiculed for failing to patch their environments following the WannaCry outbreak.
Interest is being shown in the specific tools and techniques a company uses to protect its data and, as a result, readers are more likely to ask questions of the companies they allow to hold their data.
A key differentiator
For forward-thinking law firms, this is positive news and can work in their favour in a competitive market.
Firms who are managing their data responsibly can clearly articulate this to clients who are now more knowledgeable about security.
Audits, regular pen testing, monitoring and security software can all help to provide assurances, build trust and attract new clients for firms who put these measures in place.