Cyber-security for law firms: Everything you need to know for 2022 (Part 5 of 5)

Access Legal has written a five-part blog on cyber-security: Part 5 covers 7 immediate steps to make cyber-security a key part of your healthy ‘no-blame’ culture.

Whilst human error is the cause of 95% of cyber-attacks/data breaches, we all need to recognise that well-informed, well-trained staff are a law firm’s best line of defence against cybercrime. Horror stories are increasingly doing the rounds, so it is understandable that staff are terrified of doing something wrong and causing catastrophic consequences for their employers.

It is paramount that firms not only openly encourage their employees to share their concerns and experiences, but that they also reward the right kind of behaviour to develop an open ‘no-blame’ culture. Nurturing a positive culture is clearly going to be key for the success of cyber-security policies, and more importantly a key part of the bigger picture for the success of the profession.

We have captured some key take-aways from our recent webinars and panel sessions with law firms on cyber-security and its place within a healthy workplace culture.

Our top seven take-aways that we believe you will find most useful on this subject are:

1. Make cyber-security a priority

If it is not, I am sure you know it should be. There is always something more pressing and urgent to take up your time. But no law firm can delay this step a moment longer. We urge you to put cyber-security at the forefront of developing your law firm’s digital footprint rather than allowing it to be an afterthought. Enough said.

2. Think about learning styles to make your cyber-security training stick

You don’t need us to tell you firms must provide quality training for their staff. It’s a no-brainer. But many of the law firms we talk to tell us that there is room for improvement in the way they train their people on cyber-security, which of course can be a very dry subject and therefore difficult to engage with.

Enabling employees to choose their preferred learning style through multiple training techniques including tests, quizzes, eLearning, games, videos, PDFs and audio stories will move your firm beyond the annual, tick-box training that has become typical for many organisations. If you adopt short, immersive, relevant and highly targeted training, delivered little and often, the impact of your cyber-security policies will increase considerably.

If you need help in this area, Access Legal have a lot to offer.

3. Ramp up your communication to staff and join the dots for them

Again, communication is obvious. It has to become routine with staff. Let them know what’s happening regularly in the cyber-security world. Don’t take anything for granted, especially when new cyber risks appear. Use stories and real-life incidents to bring the risks to life at home and work. Keep detailed notes of how you manage any cyber-incidents and share them as and when relevant.

Don’t assume that employees knowing what your security policies are will impact behaviours. Firms must join the dots for their employees, and make it crystal clear what is expected of them. Encourage your people to share their own stories to help build their awareness and confidence in doing the right thing.

4. Sit down today and consider the risks of taking on new staff and your leavers

Be rigorous in on-boarding and off-boarding personnel. There are so many risks with both. Give these areas the attention they deserve.

5. Double-check you are making the right back-up choices

Make sure your back-up procedure is fit for purpose – on site/off site, cloud vs server, high security vs fast recovery. A good practice management supplier will provide excellent advice on these matters.

6. Ensure your sign-off procedures are hyper-diligent

All the law firm execs we speak to at our cyber-security events have put in place senior stakeholder sign-off procedures for sending and releasing funds – typically a minimum of two pairs of eyes for all amounts over £5k or an agreed nominal amount. We do not anticipate there are many firms today that don’t have hyper-diligent processes in place for this, but if you are not 100% comfortable with yours, the time to revisit them is now.

7. Revisit your position on cyber insurance

Consider what a specialist cyber insurance policy could offer either by speaking to your insurance broker or a specialist in the industry. Seek recommendations and references.

 

Cyber-security for law firms – in summary

The stark reality is that cyber-criminals employ a range of ever-evolving tactics to bypass security controls and target employees, and are becoming more sophisticated in their approach to breaking down barriers to entry. However, many law firms are surpassing the level of sophistication we are seeing from today’s cyber-criminals by implementing solid cyber-policies and -procedures.

If your firm is interested in a new legal practice management system from a trusted ISO 27001 legal software supplier, or you would like help with your digital learning and compliance for cyber-security, please contact Access Legal today on 0845 345 3300 or online.


This is part 5 of a 5-part blog by The Access Group on Cyber-security for law firms.

 

Kindly shared by Access Legal

Main photo courtesy of Pixabay