Solicitors are being warned to ‘push back’ against clients and managing partners who demand shortcuts that could put data security at risk.
‘Very often staff are the weak link,’ said cybersecurity specialist Peter Wright, a Law Society Council member and former chair of the Society’s Technolog y & Law Reference Group.
Wright will tell a free online seminar organised as part of London Tech Week that many law fi rms are neglecting training on cybersecurity, for example on the dangers of exchanging documents with clients over free services or on free public wifi.
Wright recommends regular updates, at least annually, to cope with the changing nature of IT security risks.
‘The threats continue to change,’ he said. ‘Last year it was ransomware, before that the “Friday afternoon fraud”.
Meanwhile a new EU privacy directive, on top of the General Data Protection Regulation and applying to all electronic communications could add to the compliance burden.
’Clients, too, need education, Wright said. ‘Law firms need to get out of the mentality of, when being told to jump, asking “how high?”. There has to be a culture of push back, to explain politely to the client what they can and cannot do. It should be embedded as part of the client onboarding process.
’The Peepsec seminar on the culture and social aspects of cybersecurity will be chaired by Oz Alashe MBE, founder of cybersecurity awareness business CybSafe. In other events for London Tech Week, which runs until 17 June, the Society will announce an inquiry into possible threats posed by automated decision-making.
The Society’s Public Policy Technology and Law Commission will examine the use of algorithms in the justice system in England and Wales.