
5 cyber security tips for firms

Cyber security is becoming more and more of a priority for law firms in the modern workforce. Maintaining protection is a collective effort and requires the right attention.

Jack Campbell 25 March 2024 Big Law

Editor's note: This article originally appeared on Lawyers Weekly's sister brand HR Leader.

Studies show that the average cost of a data breach is $3.35 million. Since the Australian Parliament introduced the Notifiable Data Breach (NDBS) scheme in 2018, data breach reports have risen by 712 per cent. Meanwhile, the number of individuals impacted by data breaches increased by 564 per cent between Q4 2020 (8 million) and Q1 2021 (51 million).

These alarming statistics prove just how damaging and rampant these breaches are. This is why businesses and employees alike need to be up to date on how to identify and mitigate potential cyber attacks.

Anaïs Beaucousin, chief business security officer (CBSO) at ADP International (pictured), outlined five important considerations for protecting business assets from cyber crime:

  1. Align security strategy to business vision.
“The primary role of a CBSO is to help deliver growth for the organisation while keeping up with the pace of continually evolving threats. To achieve this, you need to align security practices with your business strategy and vision,” said Beaucousin.

“Consider cyber crime as an example – cyber criminal groups often have business models, structures, and functions now that resemble those of mainstream companies. Though these threats operate discreetly, awareness among clients and the public is growing, reaching beyond the cyber security experts.

“Therefore, cyber security cannot operate as a silo; it must be woven into the fabric of your business. Aligning your security strategy with your organisational vision not only helps to safeguard the company and its customers but can help you drive business impact and protect your brand.”

  2. Ensure security by design.
Beaucousin commented: “By prioritising the integration of security measures across all facets of operations, a company can fortify itself against potential threats and vulnerabilities. Embedding security by design is critical for the business and for your stakeholders. When done right, it can help foster trust among employees, customers, suppliers, and partners.”

  3. Stay two steps ahead of threats.
“To stay two steps ahead of threats, you need a team of outstanding security professionals and a solid plan for keeping the business running smoothly, even when things go wrong. Working together with the business is key. By being an active participant in the business, the security team can provide valuable insights and informed suggestions precisely when needed,” explained Beaucousin.

  4. Make it personal.
Beaucousin said: “While possessing cutting-edge security tools is crucial for protection, recognising and addressing vulnerabilities beyond technology is equally vital. Human error, a significant vulnerability, is often exploited by cyber criminals who use social engineering tactics like phishing or pretending to be insiders to extract sensitive information. In the realm of generative AI (GenAI), human error can also expose vulnerabilities that cyber threats can exploit.

“Companies, therefore, should collaborate closely with developers to bolster their defences. It is essential to carefully oversee the use of new technologies like GenAI to improve security measures, ensuring that any enhancements come without compromise. To truly strengthen workplace security, everyone needs to understand why it matters and what it means to them. A good place to start is by transforming security from office talk to a compelling narrative that makes us all responsible. You can achieve this by talking to employees about the impact of security within their specific roles. If people know how their responsibilities can impact their brand, clients and colleagues, they will be more likely to take action.

“You can also share real-life stories and examples [that] highlight the potential impacts of security lapses in a workplace context. Use relatable situations that employees can easily imagine themselves in. This could involve incidents within the industry or analogous scenarios that emphasise the impact on individuals and teams ... It is equally important to have a well-defined communications strategy. You need to be able to make a judgement call on what, when and how much information to share with employees without causing unnecessary panic. You want your people to be ready, not scared.”

  5. Test, measure, repeat.
“Regularly measuring security performance is vital for a strong defence. This can involve daily assessments of attempted attacks and potential vulnerabilities, along with weekly or monthly reporting for a comprehensive overview,” said Beaucousin.

“Sharing reports regularly with various business units ensures stakeholders have a complete picture of the corporate risk landscape, fostering a culture of security awareness and responsiveness. Where appropriate, share updates with employees as well – at town halls or on your intranet. The more they know, the more prepared they can be.”
