Cyber attacks ‘are everyone’s problem’ in law firms
It is the duty of all within legal practices to ensure sensitive data is protected from outside attack, not just dedicated cyber teams, argues a security awareness expert.
Cyber attacks do not discriminate, explained Mimecast senior vice president of security awareness Michael Madon, and can affect every firm – whether you’re a boutique or BigLaw outfit.
As such, cyber attacks are everyone’s problem in a law firm, he posited.
“With the security landscape changing so rapidly, and law firms often steadfastly established in the way they operate, it can be difficult to get internal buy-in to increase security technology and awareness,” he said.
“Yet by their very nature, law firms manage sensitive information every day, and it is a duty to the client to ensure this information remains secure. The digitisation of information requires a new way of thinking and an added resilience to counter potential cyber attacks.”
But too few in the legal profession are actively concerned with such matters, Mr Madon noted.
“Traditionally, law firms are focused on supporting clients and managing billing in six-minute increments. Any training is more likely to be spent on delivering a better service to clients rather than on being cyber security aware,” he said.
“For the firms [at which] cyber security is a priority, it is more likely that this comes in the form of a technology investment, such as a security add-on, rather than a time investment in awareness training. Cyber security is not a case of one or the other, to be successful it needs to be complementary. This is especially the case 90 per cent or more of cyber security breaches occurred as a result of human error. For any business, taking an ‘It won’t happen to me,’ approach could potentially prove devastating.”
Smaller firms that are concerned about the financial cost of such cyber protections need to consider that the professional cost of an attack will be much greater, Mr Madon said.
As such, cyber security training awareness is fundamentally important for firms across the board, and the professionals within them.
“Law firms of all sizes need to tackle cyber security from multiple angles, and this includes educating employees on taking responsibility to protect themselves, their organisation, and their clients against cyber attacks,” he said.
“With the blurring of technology use and access between work and home, law firms need to keep cyber security front of mind whether they are in the office, at home, or when travelling. Security awareness training has to be developed with the needs of each organisation in mind, embraced by senior partners, and introduced across a firm to ensure everyone is part of the cyber resilience journey.”
Jerome Doraisamy
Jerome Doraisamy is the editor of Lawyers Weekly. A former lawyer, he has worked at Momentum Media as a journalist on Lawyers Weekly since February 2018, and has served as editor since March 2022. He is also the host of all five shows under The Lawyers Weekly Podcast Network, and has overseen the brand's audio medium growth from 4,000 downloads per month to over 60,000 downloads per month, making The Lawyers Weekly Show the most popular industry-specific podcast in Australia. Jerome is also the author of The Wellness Doctrines book series, an admitted solicitor in NSW, and a board director of Minds Count.
You can email Jerome at: