Cyber security is a very real and constant risk, and something that firms cannot shy away from or ignore. We spoke to Fiona Gillam, a risk and compliance consultant, about some of the main concerns that firms have and what they can do to stay as safe as possible.
Q: What is the No. 1 concern that firms have about cyber security?
A: “Will it happen to us?” I think that many firms cope with minor cyber-attacks all the time: spam and phishing emails seem to arrive every day. The real worry is an attack that disables the firm’s IT and affects its ability to work. I think the question is really “When it happens to us, are we ready?”
Q: Do you think there is enough awareness of cyber security amongst all employees in a law firm?
A: It varies. The figures show that a third of cyber attacks succeed by duping personnel, not through any fault of the firm’s technical/IT security, so it’s worth ensuring everyone has regular update training, focussing on current methods, which are evolving all the time.
Q: Scams seem to be getting more complex and ‘intelligent’. How can law firms stay on top of such things whilst also maintaining the same quality and output of work?
A: Maybe it’s that scammers are using more psychological tricks rather than getting cleverer. Again, I think it comes down to keeping up with current methodologies and ensuring that personnel are both aware and confident enough to challenge robustly.
Q: What are your top 5 tips for firms wanting to ensure they are as safe as possible?
A: In no particular order of priority they would be:
- People: Awareness training. Regular emails from the management team/IT team are essential, but ensure the message is being hammered home by having regular face-to-face training with plenty of real-life examples, so that staff can spot the issues and feel confident challenging unusual behaviour.
- Policy: Have a Cyber Security Policy and review it every 6 months at least. This should set out key processes like using email safely, website content control and access, internet access control, monitoring and security systems, like firewalls.
- Pen testing: Expert “pen” testing to check how well you’re doing (this process tests the security of a firm’s IT systems and can identify weaknesses).
- Picking up the pieces: Have a robust Hacking Plan so that everyone knows what to do in (and after) a cyber-emergency.
- Paying to put it right: Check out cyber risk insurance: your PII (professional indemnity insurance) may not cover all losses.
Fiona Gillam is a freelance risk and compliance consultant and a non-practising solicitor. She is also a Lexcel assessor and consultant and presents tailored in-house training on all compliance topics.
We recommend you contact Fiona for her expertise in cyber security and bespoke in-house training packages.
Telephone: 0757 0793728
Email: fiona@riskadvice.co