Law Society release their end of year cybersecurity review
The Law Society has published an end of year review on cybersecurity, highlighting the key issues faced in 2017 as well as those to bear in mind for the year ahead.
Written by Peter Wright, the article highlights the growth of ransomware, the upcoming GDPR as well as practical steps that firms should take.
Ransomware and risk
Regardless of the sector, ransomware is a risk when large aspects of your business are based online. Even more so when the data stored is highly sensitive.
As Wright highlights, whilst the risk of being targeted has always been a problem, mainstream media reports and high-profile cases have led to it appearing more prominently in the public eye of late, boosting the awareness of its impact.
Awareness is something that’s naturally followed by action, with businesses and law firms alike developing more stringent protection strategies where risk management is concerned. More attention is being paid to the implementation of firm-wide protection practices as well as the recognition that cybersecurity is far more than just an ‘IT issue’.
However, whilst the importance of these preventative steps is not to be overlooked, it’s not just businesses which have taken action in regard to fraud.
On the other side of the screen, criminals are continuing to develop their own methods of online attack. By harnessing new technology and using new ways to target firms, fraudsters are able to seek out the smallest of vulnerabilities and use it to their own advantage.
Whilst stopping fraudsters from targeting a firm is not something that can be controlled, adopting an effective risk management strategy can help to protect clients’ money should an attack take place, as well as preventing systems from being infiltrated in the first place.
Rather than being something that’s addressed as an afterthought, highlighting the importance of cybersecurity should ideally form part of initial training. As Wright states, clarifying that it’s important from an early stage makes it clear that it’s a priority, as well as ensuring that all employees know what’s expected when it comes to prevention of risk. When acknowledging that the majority of breaches are due to a lack of best practice understanding, the need for this kind of training becomes even more significant.
Wright also goes on to highlight the importance of training in a preparatory sense, forming an important foundation for the upcoming GDPR implementation next year. The General Data Protection Regulation requires firms to demonstrate compliance in the event of a breach or when being assessed by the Information Commissioner’s Office as well as the Solicitors Regulation Authority.
Where the GDPR is concerned, whilst the steps each firm needs to take will be different, Wright makes it clear that it’s always important to establish existing vulnerabilities. This forms a good starting point regardless of the strength of current processes.
Although the ICO wants to see that firms have actively taken notice of the GDPR, this does not mean it requires high-cost procedures to be implemented. Rather, the regulator wants to be assured that the steps a firm has taken toward compliance are both reasonable and proportionate.
The Law Society blog can be found here.