As law firms return to a ‘new normal’ of hybrid remote and office-based working, they will need to adapt proactively to the evolving cyber threat landscape while enabling their people to remain productive regardless of location. It can be a real balancing act when it comes to investing in the most effective way. Here are some areas you should consider to ensure you invest your resources effectively.
Following a turbulent year that saw a mass migration to remote working for a huge number of businesses across the UK, we are beginning to come to terms with what a ‘new normal’ way of working will look like. With the general consensus being that many desk-based workers will adopt a hybrid working model in which they split their time between their homes and their offices, businesses are taking their first steps towards reintroducing their people to the office environment.
Cyber security and data protection should be primary considerations for all organisations throughout this process, not least legal firms that handle large quantities of highly confidential, commercially sensitive data.
How is your law firm managing its return to the ‘new normal’? In this blog we will provide best practice advice on where to invest your resources effectively to ensure you enable your people while protecting them from the hackers that will be targeting them.
Where to Invest Your Resources
At Six Degrees we work with a number of leading law firms, enabling them to adopt agile hybrid working practices and protect their people and their clients in today’s increasingly hostile digital landscape.
Here’s some of the key advice our secure cloud and legal industry experts are giving to our clients:
- Multi-factor authentication. For many law firms, multi-factor authentication can be difficult to implement. Fee earners find it intrusive, and to implement it properly across all Internet-facing systems can feel like a large investment. It really is worth it, though – it is one of the single most effective ways to protect your law firm from cyber-attack, and modern multi-factor authentication solutions can be integrated with smartphones and wearables to ensure your fee earners receive the most seamless experience possible.
- Public Wi-Fi. As your fee earners begin to venture out of their homes and onto trains into the office, beware of the risks posed by public Wi-Fi. Hackers use public Wi-Fi to gain access to data transmitted by smartphones and laptops, and establishments like coffee shops located in legal districts are popular targets. Never use public Wi-Fi if you can avoid it – tether your smartphone and laptop instead.
- Configuring VPNs. VPNs (virtual private networks) have been the most common way for law firms to deliver services remotely to their people over lockdown. But while correctly configured VPNs offer good protection, poorly configured or over-complicated VPNs can be exploited by hackers. Invest time in testing your VPN configurations to ensure your firm is not at risk.
- Cyber security training. If everyone was as cyber-aware as they think they are, there would be far fewer successful cyber-attacks than there are today. Hackers depend on complacency, and that’s why you should get access to the latest cyber threat intelligence in order to educate your people around what’s currently being pushed by malicious agents in an interesting way that means they really are equipped to deal with the latest threats.
- Accreditations. Becoming accredited with industry standards such as Cyber Essentials Plus and ISO 27001 isn’t just good for your cyber security posture – it can help you win business, too. Consider ensuring that your hard work protecting yourself and your clients is a selling point, and have your setup assessed and certified to industry standards.
- Don’t Forget the Fundamentals. For all that sophisticated cyber security measures can reduce the risks your law firm faces, it’s important to put the fundamentals in place too. Ensure your people use complex passwords, put the appropriate levels of physical security in place at your offices, ensure your people protect their equipment when working from home, and be wary of commuting risks such as shoulder surfing and stolen equipment.
Cyber Security for Law Firms
Hackers are persistent, resourceful and adaptable, and there is no single solution to protecting your law firm from all cyber-attacks. However, by applying the measures listed above and combining them with a mature cyber security model that incorporates people, processes and systems, you will enhance your firm’s cyber security posture and reduce the chances of suffering financial, operational and reputational damage as the result of an attack or a data breach caused by human error.
Our new eBook Cyber Security for Law Firms highlights the seriousness of cyber security, how cyber-attacks can have a detrimental effect on a law firm and its reputation, and how firms can implement agile working practices, expanding the workspace while continuing to safeguard their systems and data from potential security vulnerabilities.