Insights

Why cyber security is a big issue for the legal sector

December 5, 2022

Why cyber security is a big issue for the legal sector

There is a national day for everything these days. National Hedgehog Day, National Garlic Day, National Clean Your Desk Day – and last week, National Computer Security Day.

If the internet is to believed, National Computer Security Day has been celebrated on 30 November since 1988, when the increased use of computers inevitably spawned an early ancestor of the now prolific computer virus. The national day is intended to encourage people to remain vigilant to the danger of cyber attacks – no laughing matter.

And if there is one particular area of business that really should pay attention to the problem of cyber crime, it is certainly the legal sector. Law firms have a number of attributes that attract cyber criminals like bees to nectar.

Firstly, even relatively small firms can hold huge sums of money in their client accounts – particularly in the conveyancing sector.

Secondly, even if they don’t hold that much cash, all law firms are rich in confidential information. This could be valuable in itself, or because a law firm may be willing to pay a ransom to prevent its release.

Thirdly, compared to other businesses, law firms have traditionally not wanted to spend too much of their revenue on technology – although there has been a big shift in that mindset since the pandemic. Effective cyber security measures do not come cheap, but they are now essential.

Fourthly, there are few other sectors where contact details and personal information of key staff are so easily available on the internet. But a law firm’s greatest asset is its people, and each fee-earner will have a profile page on the website. This makes lawyers vulnerable to phishing scams, as well as scams where a junior colleague receives an email from ‘the boss’ telling them to make a particular transfer. These can be surprisingly convincing.

And fifthly, lawyers work in a high-pressure environment. Where measures such as multi-factor authentication are time consuming or cumbersome, there is a real danger that overstretched fee-earners will try to bypass it – or simply press any key to make it go away. I have certainly heard stories where that has happened, and the lawyer in question has recklessly opened the electric gates and allowed a hacker to drive straight in.

Meanwhile the cyber criminals themselves are getting ever more sophisticated – and another story I’m told is that it is now possible to buy hacking software that comes with its own customer helpline.

So for all these reasons, law firms, litigation funders and others in the legal sector should take a moment to reflect on the essential business issues that lie behind National Computer Security Day. But as to National Clean Your Desk Day – I’ll leave that down to your own conscience.


December 5, 2022

Insights