It seems like every week, another story is in the news of a famous company suffering a cyber attack. From Facebook to the NHS, no company is exempt from the risks of cyber crime, whether large or small. Whilst it is often the household names that seem to be targeted, every business operating today must be prepared to prevent cyber attacks.
According to Tech Radar, almost one million SMEs have encountered a cyber attack in the past year. This figure includes companies in the legal sector, highlighting the importance of cyber security for chambers, which host sensitive customer data and other assets that may be targeted.
Top tips for cyber security defence
If you work in a barristers' chambers, now is the time to put a comprehensive cyber security defence strategy into place. Here are three simple steps you can take internally to prevent a breach.
Maintaining security best practice
The first step in creating a failsafe cyber security strategy is defining best practice models and ensuring they are upheld throughout your company. As Dave Hogue, technical director of the NSA’s Cybersecurity Threat Operations Center (NCTOC), observes:
“Adversaries are getting into networks using very non-technical means, taking advantage of hardware and software that is not patched up to date and bad security practices such as using applications that are no longer supported.”
Hogue emphasises the fact that cyber attackers are gaining access to protected data through means that could easily be prevented by following industry best practice measures that have been in place for many years.
Clearly, not all firms are implementing the basic steps advocated by the security industry, and this is problematic, because no matter how much sophisticated software is used to detect hacking, it won’t be prevented if a business is using the same simple password for every application.
Chambers need to ensure best practice is implemented as a company standard. This should cover everything from putting into place two-factor authentication on cloud systems to ensuring only the individuals whose roles require access to certain data have the controls for it.
Of course, to maintain best practice, employees must be thoroughly trained in cyber security defence and protocol. This is one of the most important steps in eliminating easily-preventable breaches, and should be put into place at all levels, from new employee inductions to re-training of the most experienced, longstanding members of staff.
You might assume that software failures are the cause of most cyber breaches, but in fact employees have a large role to play in this area. This is being acknowledged increasingly throughout the sector: a recent study by the International Legal Technology Association (ILTA) found that 60.9% of legal professionals believed human error poses the largest risk to their law firm’s cybersecurity.
Cyber attacks are becoming more subtle every year, and many of the most detrimental breaches are targeted at unwitting employees. Therefore it is essential that every member of your team is trained in data protection. This includes the correct processing of client data, password management, the issues around sending sensitive information via email, and how to identify phishing emails.
To create a holistic culture of cyber security, client confidentiality should be upheld at all levels, and security, privacy, legal and compliance teams must work together seamlessly to prevent any breach.
Create a breach response plan
With the recent introduction of hefty fines for companies who fail to notify the Information Commissioner’s Office of a breach within 72 hours, it is more important than ever to formulate a coherent plan for the event of a cyber attack.
This will involve various elements, such as finding a reliable process to collect breach data and quantify which information has been compromised. You will need to decide who will be responsible for accounting for a breach and reporting it to the ICO, as well as what response you will put into place following the event. How will you notify clients? How will you recover any assets lost?
International law resource, Lexology, suggests:
“Put your systems to the test. In the event of an attack, how quickly will you be able to gain access to back-ups? Will your most business-critical systems continue to function, if hit by ransomware? Ensure that your contingency resources are adequately insulated from live ransomware attacks.”
“Simplify management and decision making, simplify the process of getting investment approval, give security an appropriate budget, hire a good Information Security team, use external experts to challenge and test your systems and processes on a regular basis.”
Whilst McManus is correct in suggesting that organisation, awareness, proper budgeting and external support are the cornerstones of a successful security strategy, all of these pointers are merely the tip of the iceberg. To ensure your systems are secured by the latest technology, expert insight is an essential part of any data protection plan. To find out more about how CBS IT can help you improve your chambers’ cyber security defence, contact us today on 020 3355 7334.