With revelations that researchers discovered a trove of files on the dark web containing nearly 1.2 million email addresses and credentials from 500 of the UK's top law firms, our session at ‘Securing The Law Firm: Special Session’ could not have been better timed.
The event gathered a range of speakers from outside the legal industry, including our CTO Matt Little, to help communicate the key foundations of cybersecurity. In an industry that is notoriously reluctant to talk about cyber threats, this event was aimed at helping them put in place the fundamentals to protect themselves - and their clients. Below we’ve compiled three key takeaways from the session:
Firstly: technology. In a nutshell, ZoneFox enables visibility of the type of data that people access, and so we’ve certainly made some concerning discoveries when it has been put to work inside law firms. These have included data leaks to China, unreported ransomware, the disabling of security controls, password cracking tools and unauthorised access to payroll data. This type of illicit activity should set alarm bells ringing in law firms across the globe; however, there’s no need to be afraid, as ZoneFox enables IT leaders to spot anomalies and identify the types of behaviour that may be leaving sensitive data exposed.
Secondly, frequent education and training is key. Software and hardware will only get you so far; instead, it’s important to create a collaborative environment where everyone feels comfortable discussing their cybersecurity concerns. The alternative is a situation where, say, a junior falls for a socially engineered phishing scam and doesn’t tell anyone, resulting in the accidental leak of data to nefarious hackers without anyone else knowing.
And lastly, educational initiatives can range from rewards-based incentives, which would accompany routine pen-testing, to workshops and even just to informative posters around the office. By making cybersecurity a mainstream conversation, rather than the reserve of the IT department, law firms can optimally detect, analyse, and respond to threats.
The panel concluded that if the legal sector wants to avoid the cybersecurity damage felt by the health sector post-WannaCry, it must act now. With cybercrime now a mainstream conversation, law firms should capitalise on this moment to encourage a true culture of cybersecurity. After all, if you get people to think about security at home, they’ll bring it into work.