Cybersecurity for lawyers
Why does cybersecurity matter?
In 1994 the UK national lottery launched with the catchphrase “It could be you” promoting the idea, however unlikely, that you might win a big financial prize. Without worrying you, it is much more likely that you cause a cybersecurity incident than win the lottery.
Personal information, such as credit card numbers, health information, bank account details, and other sensitive information can be stolen by hackers, leading to identity theft and financial loss. Businesses also face the risk of losing sensitive data, leading to harm to their reputation and financial losses. Furthermore, cyberattacks can disrupt essential services, such as hospitals and national infrastructure, leading to serious consequences for society as a whole. By taking steps to improve our cybersecurity, we can protect ourselves, our families, and our Firm.
Christian Toon
Head of Cyber Professional Services
Cybersecurity is important for everyone at Pinsent Masons, now more than ever, as it protects our business operations, reputation, finances and client data.
Lawyers are high risk targets for cybercriminals because they have access to a variety of sensitive information from a range of clients and organisations. Freelance lawyers are possibly even more of a target because they will often be working remotely on personal equipment and without access to the same level of cybersecurity resources and protections that employees might have. Unlike a permanent employ a freelancer’s personal, mailbox and document repositories will contain emails for multiple organisations and so in the event of a cyber incident the impact could be much greater.
When can mistakes happen?
Information security is not a new phenomenon. One might even suggest that, with attempts to intercept early telegraphy messaging in the 19th century, cyber security is not new either. What is new is the scale of the attacks and the potential damage done.
It’s often said that people are the weak point in security because we get tired, make mistakes and are susceptible to social engineering attacks. But we can also play our part in preventing security issues by following best practice (see list below), being vigilant and being informed about the techniques used by cyber criminals.
Mike McGlinchey
Head of Client Consulting
Mistakes = (Time Pressure x Volume Pressure) / Awareness
The more alert and informed we are, the fewer mistakes we might make.
What can you do to improve your cybersecurity?
Whilst there's very little you can do to significantly improve your chances of winning the lottery, there is plenty you can do to enhance your cybersecurity and keep client confidentially at the fore.
Whether you're a flexible consultant on assignment, a lawyer working in-house, or any level of legal professional working in private practice, these tips can help you protect the personal data you work with:
1. Passwords – Use strong and unique passwords for all your accounts and enable multi-factor authentication. A Password Manager is also strongly recommended.
2. Updates – Keep your software and operating system up to date with the latest security patches. Check weekly so that you can update little and often to avoid any disruption.
3. Antivirus – Use a reputable antivirus program and keep it updated – this means making sure it checks daily for updates and protects your devices.
4. Emails – Be cautious when opening emails or clicking on links from unknown sources because phishing is THE biggest root cause for cyber breaches. Be suspicious.
5. Back-Up – Regularly back up important data to an approved solution (check with your client requirements first), such as a external hard drive or cloud storage so that you don't get caught out if something happens to your laptop.
6. Public Networks – Avoid using public Wi-Fi networks for sensitive activities, such as online banking or accessing confidential information. Using a mobile hotspot you own is the best option if a private, secured network isn’t available.
7. Report – If you're unsure - report it. Even if it turns out to be false, early warnings are the key to successful defences.
8. Encryption – Encrypt sensitive data, such as financial information, when storing or transmitting it. One of the best protections you can have to protect your data.
9. Pin Code – Keep your mobile devices secure with a password or PIN and if the device allows you to, use the biometric ID systems as well.
10. Education – Educate yourself on the latest cybersecurity threats and trends to help you stay vigilant in protecting your information and systems.