On a day-to-day basis, law firms handle financial transactions involving large amounts of money and send and receive sensitive client information. Much of this activity takes place digitally, be it online bank transfers, automated identity checks or simply emailing financial and personal information between law firms and clients.
We have warned the profession about the dangers and need to be vigilant against cybercrime for a number of years. Whether by use of spyware, identity theft, viruses or simply tricking people to reveal sensitive data, cybercriminals are always attempting to find new victims and weaknesses in defences they can exploit.
With Covid-19 meaning millions more people than ever before are working remotely and carrying out both personal and business activities online, the need for everyone to remain extra cybersecurity vigilant is arguably greater than ever. We have already published key support resources including a dedicated Q&A on cyber security as firms and solicitors change the way they work.
Effective cybersecurity is not just a technological issue, or simply about having the latest security software in place. In fact, the biggest vulnerability – and also potentially best defence – most companies will have regarding cybercrime lies in the day-to-day practices and awareness of their people.
We know the majority of solicitor firms are aware of the risks and have developed processes and approaches to try and make sure they don’t fall victim to the criminals. But attacks still happen, and even where a firm thought they were secure, some unfortunately are still successful.
And while law firms usually have insurance to protect against financial loss, the cost of cybercrime can be about more than just money. Where clients are involved, even if the money is eventually recovered, the impact and stress of being involved in an incident can be significant. For a firm there can be significant reputational, resource and longer-term financial impacts of being caught up in cybercrime incident.
Download the full report and review here: www.sra.org.uk/sra/how-we-work/reports/cyber-security