The point raised by Peter Wright in relation to the recent ransomware attacks is one that should serve as a call to action for all law firms: ‘If one of the largest firms in the world did not have the adequate safeguards in place to protect against a ransomware attack then it begs the question who does.’
As data controllers, law firms have a deep obligation to their clients to keep their confidential information secure. As a close observer of law firm cybersecurity issues, I have noticed that this is an obligation that many firms do not have the will, expertise or resources to fully comply with. Hackers are becoming more aware of the wealth of data held by most law firms. They know how to find that valuable information and how to get it. They also know that most law firms do not appreciate the threat that cyber-attacks present, and are vulnerable.
More than anything, these recent attacks should reiterate to all law firms the importance of having up-to-date, expansive back-ups that they test frequently. Two back-ups are preferable, one stored onsite and one stored offsite. These multiple back-ups will ensure firms can mitigate the risk posed by cyber-attacks.
As Peter points out, if a firm with the resources of DLA Piper is vulnerable then no firm can claim to be safe. What lawyers can do is avail themselves of every reasonable precaution by backing up their data, using strong passwords, educating staff on the importance of data security (particularly if they are using mobile devices for work), and imposing strong access controls such as two-factor authentication on all accounts.
Derek Fitzpatrick is EMEA general manager at Clio, Dublin