The first article in our series highlighted common mistakes made by law practices: we looked at the lack of awareness and the misconceptions law firms have about how vulnerable they could be to cyber attacks. In the second part, we look at why staff training is such an important defence against cyber attacks.
According to cyber training company Mimecast, “Human error is involved in 95% of all security breaches”. Let that figure sink in for a while…
That’s a huge proportion, and it means that however good your IT system’s security measures are, and however much money you spend on them, that money is wasted if your employees do not know how to spot malicious emails and links.
The focus when protecting your IT system from cyber threats is often placed on perimeter defences, i.e. firewalls. But cybersecurity is a layered approach. Initially, the aim is to try to prevent things from happening, but you also need to have a fall-back plan when they do.
Given that such a huge proportion of cybersecurity breaches are down to human error, it is surprising – and even shocking – that so few law firms are prepared to invest in educating their staff in order to manage that risk. Why spend all that money on technical solutions if you risk rendering it useless when an employee clicks on a link and gives their password away?
Having the logins and passwords of even your most junior members of staff offers hackers access to your company’s system. This enables them to create legitimate-looking emails that appear to come from senior members of staff, which they use to request information or data, or to ask someone to transfer large sums of money to fake client accounts. If there are no other checks in place to prevent this happening, staff members will typically follow the instructions without question, especially if they are busy. These attacks can be very lucrative and are becoming more and more common.
Staff awareness is a hugely important weapon in the fight against these practices, as is the implementation of some form of checks and balances to ensure that even if a fraudulent request deceives one member of staff, it is still picked up before any damage is done.
If you would like to know more about staff training and other measures you need to take to protect your law firm against cyber attacks, we regularly publish articles on the subject, as well as run a number of events for managers and directors. Sign up for our newsletter to stay informed or contact us to arrange an appointment to talk about your company’s specific requirements.
In the next article in the series, we will be looking at how advances in IT will allow you to increase your chargeable hours without the need to take on new fee earners.