Cyberattacks are becoming more sophisticated and more prevalent year on year. The legal profession is not exempt from these attacks, and is in fact more vulnerable to them because of the standing of lawyers as data controllers. Add to this the standing that most law firms’ hold in society, as safe, reliable and trustworthy, then the costs of poor cyber security extends beyond the immediate loss of clients monies (often) and any fine imposed and goes to the very reputation on which they practise. Notwithstanding that cyber fraud is becoming more sophisticated, attacks still focus on the simplest and most established means of lawyer /client communication-the email. According to research from Get Safe Online, 77% of all cyber frauds were email phishing. Phishing is defined as the fraudulent practice of sending emails purporting to be reputable in order to induce individuals to reveal personal information. On 25th October 2017 Lawnet published its “Lawnet Risk Management Report” looking at how the right risk culture delivers returns for law firms. Their excellent report found that a cultural shift in attitude towards risk management may prove to be the most important driver of future law firm growth. The research among mid-sized firms suggests that strategic risk management is bringing a return on investment and opening the door to greater competitiveness and client choice, as well as satisfying regulatory requirements. The report identified that the most common sources of data breaches were as follows: – Loss and Theft of paper work – Data posted or faxed incorrectly – Loss or theft of unencrypted devices – Data sent by email to the incorrect recipient. The Lawnet report also found that almost 50% of respondents were aware of a fraud attack to their firm in the last 12 months, of which the majority were email phishing attacks. In addition the report identified a trend of emails purporting to be from senior management asking finance staff to send money to different destinations, a particular issue in conveyancing.
So how secure are your emails?
Commenting on a recent Information Commission prosecution, in which a lawyer was fined for keeping a client’s personal information insecurely, Steve Eckersley, head of enforcement at the ICO said: “People put their trust in lawyers to look after their data – that trust is hard won and easily lost. (Although the case he was referring to involved information kept on a personal computer, how safe is information kept on law firm’s systems and transmitted between lawyer and client.) Peter Wright solicitor, managing director of Digital LawUK and chair of the Law Society Technology & Law Reference Group, also blogged a warning about the ever increasing threat from phishing emails and the risk of loss of personal data. He was referring not just to the risk from external emails but also those presented when firms’ own servers get hacked and the risk comes from what appear to be emails from an internal source. He also drew attention to the General Data Protection Regulation (GDPR) – new law that will replace the Data Protection Act 1998 and will apply in the UK from 25 May 2018. (The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.) This and the fact that the ICO’s powers include imposing a monetary penalty of up to £500,000 add an additional degree of urgency to the issue of data security within legal firms. Peter Wright also suggested that whatever storage and communication medium firms employed they should ensure that it is secure and encrypted and warned against using free or cheap cloud based systems as these are neither. However, law firms are able to protect themselves with inexpensive and secure alternatives to email that go a significant way to managing the risk of cyber insecurity in their practise. There are much more secure alternatives available to law firms that also offer document sharing and e-signing. As part of the technological revolution aimed at the legal space, mobile and portal based communication tools often feature a secure document delivery function for all those confidential documents that law firms are required to send that clients, that clients can now instantly accept/ decline and sign those documents and return them digitally. Technology companies such as The Link App provide a secure alternative to the email. All its data is held and backed up in the UK. Its data centre has ISO 27001accreditation. All its communications are encrypted to the same standard as some UK banks. The Link App also takes security and customer convenience one step further by offering this feature in a single secure real time mobile app that offers a discreet and secure seamless communication channel. So no need to email important documents and risk them going into junk boxes, going astray, or getting hi-jacked by third parties. Documents can go straight to your clients and only to your clients.