The Solicitors Regulation Authority of England and Wales have published a review of cybersecurity and its relevance to law firms, looking at how firms handle sensitive client data and what risks are presented in the form of cyberattacks. Beyond the general ongoing importance of awareness of digital security in the industry, the report is particularly timely and relevant due to the rapid increase in lawyers working from home as a result of the COVID-19 pandemic.
The report has shown that whilst the vast majority of firms are aware of many of the risks presented by cybercriminals, the value of the data they hold means that they are extremely attractive targets for cybercriminals. Similarly, the report suggests that whilst many firms have extremely high levels of technological defence, one of the greatest vulnerabilities can be individual practice and staff awareness.
The report breaks down its findings into five key areas:
• cyberattacks – type, volume and impact – the report found that 3/4 of firms had been the target of a cyberattack, with £4 million of client money stolen.
• people – what support was provided to staff? – the report found that 60% of firms felt that their biggest vulnerability was the knowledge and behaviour of their staff.
• technology – what controls did firms have in place? – the report found some confusion around technology. However, 93% of firms confirmed they had a firewall in place, and all firms required all devices to be password protected.
• support – what support did firms use? – the report found that 3/4 of firms relied on commercial IT specialists. The report suggested that more awareness was needed to guarantee quality when engaging third-party contractors.
• reporting – did firms meet their reporting requirements? – the report found that 73% of firms that suffered an attack had reported the incident. However, seven significant incidents had not been reported.
The full report and the SRA’s ongoing recommendations around cybersecurity are available here.