Lawyers are prime targets for hackers seeking to launch cyber-attacks and gain access to confidential data. They are also often reluctant to follow cyber security best practices if doing so unduly disrupts their billable work. With more lawyers than ever working remotely, how do you mobilise them securely without impacting productivity?
It’s been a challenging 18 months for a great many organisations, as we have adapted to remote working and the potential cyber security risks that it brings. Law firms have had it harder than many, as they deal with a particularly unfortunate combination: lawyers, a popular and potentially lucrative target for hackers, also happen to be some of the most reluctant professionals when it comes to adopting new technologies – especially at the cost of disrupting their billable work.
We’ve already seen some high-profile law firms suffer data breaches in 2021: major law firm Campbell Conroy & O’Neil published a disclosure on its website in July. It’s the kind of thing that keeps law firm IT Managers up at night: trying to get buy-in from lawyers who don’t read instructions, don’t acknowledge Service Desk emails, don’t read training material, and – in one case we heard – try to set up multi-factor authentication on a desk phone.
It’s essential that your law firm protects itself and its clients, though, especially as lawyers continue to work and access confidential information remotely. Is there a way to mobilise your lawyers securely without impacting productivity? At Six Degrees, we believe there is. In this blog post we’ll show you how.
How to Get Cyber Security Buy-In
When it comes to implementing cyber security best practices that will actually be followed, it’s all about getting buy-in. Here are some tips for getting the buy-in you need:
- Get Senior Partners on-board. In order to enact strong cyber security practices, you will need to effect cultural change. This starts from the top, which is why it’s important to get Senior Partners on-board from the start.
- Focus on reputational and cost damage. Cyber security may be an esoteric concept for lawyers. Reputational and cost damage are not. Focus on these when you explain the importance of cyber security in the context of a data breach.
- Provide one-to-one training. Lawyers may need hand-holding when you set up measures like multi-factor authentication. Where possible, provide one-to-one training to ensure the message gets through.
- Make it simple and intuitive. Nobody likes unnecessarily complex systems and processes. Make your cyber security measures as simple, intuitive and low-impact as possible to ensure lawyers don’t get frustrated and start to push back.
- Ensure it works from day one. This is a non-negotiable. If you’ve got your Senior Partners on-board, secured investment, and started roll-out, it’s absolutely essential that your cyber security measures work perfectly from day one.
- Carry out security awareness training. Security awareness training and testing are as essential at a law firm as they are anywhere else. Partners often want to know who has failed a phishing test, and this can create a sense of healthy competition if managed properly.
- Leverage your Information Security Team. Your Information Security Team spends a lot of its time carrying out internal investigations. Cyber security software and its tracking and auditing capabilities can help with this. Get them onside and supporting you in your discussions.
Once you’ve got the buy-in you need, it’s time to put in place the secure mobility measures your law firm needs. We’ll explain what these look like in the following section.
Mobilise Your Lawyers Securely
The keys to secure mobility are identity, data and devices. The combination of these three elements will enable you to mobilise your lawyers securely without impacting productivity. Let’s take a look at each:
- Identity is the new perimeter. You should establish multi-factor authentication across all accounts, and use a central identity directory to ensure consistency across different applications. This enables you to leverage single sign-on by linking identities with individuals, making access a great deal more straightforward for your lawyers.
- Data classification and labelling are essential to identifying how to control different types of data. Data loss prevention is much easier when data classification is on-point, and privileged information access allows you to control and audit data access by setting the appropriate permissions. Microsoft’s in-built tooling makes things like electronic discovery much easier, enabling you to avoid disparate solutions that come with a cost and management overhead.
- Devices should form part of your authentication parameters: make sure they are protected against threats, manageable irrespective of their physical location, and integrated into control policies. Six Degrees’ Managed Detection and Response service protects users no matter where they work.
Agility Made Simple: Cyber Security for Law Firms
Lawyers are prime targets for hackers seeking to launch cyber-attacks and gain access to confidential data. They are also often reluctant to follow cyber security best practices if doing so unduly disrupts their billable work. With more lawyers than ever working remotely, it is essential to mobilise them securely without impacting productivity.
By achieving cyber security buy-in and combining identity, data and devices to deliver secure mobility, you can achieve just this. Today’s law firms are using technology to achieve competitive advantage, evolving their value propositions and operating models to meet client needs while maximising billable hours throughout the value chain.
In our new eBook, we demonstrate how your firm can introduce agile working practices that increase productivity, revenue and client satisfaction while operating in an increasingly hostile digital landscape that necessitates a robust cyber security posture to tackle cyber threats head-on.