It’s time for firms to tackle the rising wave of cybercrime. Cybercrime is with us and it’s a growth area. The attack suffered by LinkedIn earlier this year, when user details and passwords were made public, shows how even those who use the internet as their place of business, and might reasonably be thought savvy as to the threats, can be vulnerable to increasingly sophisticated hackers.
Every solicitor is well aware of their legal and ethical duties in relation to client confidentiality. But the potential for loss of client data is much greater now than in the days when all information was stored in paper files. Yes, there is the potential for loss of paper-based client data, but the risk is not as great as where data is stored electronically without robust systems protecting it from attack.
And with recent reports in the professional media highlighting that ‘law firms are an active target’ for industrial espionage, it’s not something you can afford to ignore. Every law firm holds highly sensitive data about individuals and businesses. The details of a merger and acquisition, the development of a product, or other commercially sensitive data would be attractive to those who are able to profit from the sale of such information. For those providing online tracking for clients’ matters, there is likely to be the additional worry of holding personal and financial information that is attractive to those who would use it for criminal purposes.
So, have you thought strategically about data security? For those of you who will say ‘we have anti-virus software and firewalls’, ask yourself – is this enough? What about security of data when it leaves your building? Are all your laptops, iPods, iPhones and Android phones set up so they can be locked down remotely (stopped from being used) if they are lost or stolen?
Also, what systems do you have for when the old-fashioned paper files leave the building? Every practice should ensure that there are internal policies and procedures for dealing with data security, and that staff are fully trained in them.
For the purposes of outcomes-focused regulation, you need to evaluate the risks to client data and then put in place robust procedures to minimise the risks you have identified. To ensure data security for clients, every practice should undertake a full strategic review as to how both the practice’s and the clients’ data can be protected.
And for practices dealing online with clients, it may even be time to consider ISO 27001, which is the international best practice standard for an information security management system. The reputational risk to a law firm of having data stolen is too high a risk to take. Take the time to ensure all your data is safe or your practice may be the subject of the next news headline.
- The Law Society is running an event looking at how to combat cyber threats. Get more information on 'Security means survival: fighting fires, hackers and red tape'
Jeanette Lucy is the director for compliance, quality and learning with law firm network LawNet