The highly sensitive information that legal companies hold put them in a position of vulnerability, says Howard Nicholls, general manager of tech security firm Network Box.
“If systems were compromised, the personal and confidential nature of leaked customer information would lead to severe and potentially irredeemable damage both to clients and to the legal firm,” Nicholls told NZLawyer
“If your own cyber protection is not sufficient, how can you reasonably advise your clients on the necessity of cyber protection to secure their intellectual assets?”
The biggest risk of a cyber-attack comes from not knowing your firm’s cyber weaknesses, he said.
He gave six recommendations to firms for becoming more cyber-aware. “These apply regardless of the size of your business.”
- Understand your own cyber risk profile.
Nicholls recommended getting a cyber-assessment carried out. “These can be affordable for SMBs as well as larger companies.
“Assess your company’s capabilities for identifying and dealing with cyber threats and data breaches.
“A good report should inform in a way which is mindful of your legal business context, geography, structure, specialisms etc.”
- Identify areas to take action.
Based on the results of the cyber risk profile, Nicholls recommended prioritising the areas of your firm that most need managed cyber risk.
“A good cyber assessment will suggest action plans that close current gaps in your defences and protect you from threats in the future."
- Identify practical solutions to the areas requiring action.
Nicholls advised that firms should develop policies, training and processes to mitigate cyber risk, as well as investing in the technology required to protect their network.
“Ensure the people within your organisation are held accountable and fully aware of their obligations to reducing your risk, from the boardroom to individual network users.
“Every member of your company has a role to play in protecting your systems and information to reduce the risk of a cyber-breach.”
- Implement the plan to put in place the identified solution.
Nicholls continued: “
But don’t increase your business risk again by delaying,”
The cyber threat landscape is highly dynamic, new threats emerge daily. The sooner you implement new measures, the sooner your risk and associated cost is reduced.”
- Review and update.
Once in place continually review your cyber risk profile and the solution plan, Nicholls advised.
“In summary - get aware, get protected. Build your firm’s reputation as a good cyber citizen,” Nicholls said.