5 Steps for Law Firms to Protect their Reputation Before a Cyber Attack
This week saw an international and well known law firm fall victim to a malware attack, (Bloomberg Law: DLA Piper Victim of Massive Malware Attack). Whilst they were not the only organisation to suffer from attacks recently, law firms (as do those in the financial services sector) trade on their reputation, expertise, and their ability to maintain confidentiality, all of which have doubt cast upon them in the wake of such cyber attack.
As in the physical world it is not possible to provide absolute security against a highly motivated attacker, there are steps that firms can and should be taking to protect themselves, and their reputations against cyber attack, these are the 5 steps that Fifth Step recommends.
1. Identify
Know what it is that you want to protect, and what you are looking to protect it against. This means understanding the value of the information and intellectual property that you hold, no only to you and your clients, but also to hackers and other third parties. This is particularly important for law firms who are holding not only their information but sensitive and valuable information belonging to their clients.
Identifying what you are protecting it against should include the scenarios, such as data breach, corruption by malware, or loss of access due ransomware attack. Whilst reviewing these scenarios we also recommend looking at other business continuity scenarios that may have a similar impact on the organisation.
An often over looked area in this phase is ensuring that your vendors don't become a weak link in your armour. Asking vendors questions to ensure that they have the right protection, policies and procedures in place to ensure that they are they are prepared for and will be able to resilient to, or restore normal service as quickly as possible in the face of cybersecurity event should be a regular part of your vendor management process. In the immediate term, ensure that you consider vendors in the scenarios that your organisation should protect itself against.
2. Protect
The protect stage is where means of protecting the assets against the scenarios from the previous stage takes place. It is vitally important that every tool in the toolbox is deployed, and that there isn't an over reliance on technological solutions. So ensure that everyone in the firm has been trained to recognise the signs and symptoms that may be the prelude to an attack, and that they know what to do to keep themselves and the organisation safe.
Technology does have its part to play though, ensuring that anti-malware software is installed on computers, and that it is kept up to date is a first line defence. Ensuring that computers have their software firewalls enabled, and that they are patched regularly with software vendor patches are some of the basics that all law firm's IT departments should be ensuring as a minimum.
3. Detect
Detection can take many different forms, and many hacks, data breach and cyber attacks over the last few years could have been avoided if organisations saw and interpreted the signs and signals. Some of the more obvious (certainly in with the benefit of training) are phishing type emails, large amounts or different types of network traffic from computers/user than usual, computer systems operating slower than usual etc. Whilst not signs on their own, they are some of the signals that should be prompting investigation.The best advice is to ensure that staff are encouraged to, and have a way to report suspicious activity so that it can be logged and investigated where appropriate.
Technology and services can of course help in this area with Security Event and Incident Management (often known as SIEM) solutions being a great help.
4. Respond
The respond phase is very often the most neglected phase of this set. It is very often the stage that requires the whole organisation to be come together rather than responsibility being delegated to those who are seen to be responsible for cybersecurity.
The most important thing to do in preparation for any cybersecurity event, is to create an incident response plan. This needs to be robust, and flexible enough to cope with the variety of scenarios and risks that your organisation faces. It should also include a clear communication plan, identifying the key communication groups (partners, staff, contractors, vendors, clients) and the situations under which they should be communicated with. It should also have a clear policy on who, what and when information should be shared with the media. Being out in front of the bright lights of the TV cameras too soon or when its not required is certainly something to be advised. Images an under briefed Dido Harding (former CEO of Talk Talk), appearing in front of the TV cameras, is not the template that most partners would want to cultivate for their personal or firm's image.
5. Recover
The outcome from running the incident response plan is the creation of an incident recovery plan, the recovery stage deals with the implementation of that plan who's objectives are two-fold, to prevent the existing attack from spreading or getting worse, and to recover data and systems that have been effected by the attack, restoring them and the firm as a whole back to business as usual.
The law and lawyers have been one of the most resilient business sectors ever created, easily tracing it's roots back to the 13th Century in what we could consider to be its modern form and back to the Greeks and Romans well before that. The threats and opportunities posed by cybersecurity to the profession are no less surmountable than others that have been faces in times past. They do however need time, attention and expertise to help adapt to this new world that we all live in.
Fifth Step has been helping firms understand and meet these challenges since its earliest days, and with our knowledge skills and abilities have increased the resiliency of every organisation that we have had the pleasure of working with.
If you, or your partners have concerns about your firm's ability to weather a storm such as that faced by DLA Piper then please contact me, and we will ensure that your concerns are laid to rest.
Contact me on LinkedIn
Contact us by Phone or email