Cyber safe and secure
Doubtful as it is that correspondence from legal regulators and representative bodies fills the recipient with unalloyed glee, it is unlikely to be filed aside as ‘Spam’, or ignored entirely. E-mails from trusted institutions are often opened almost reflexively: the content is certainly to be trusted, possibly essential, and likely to be of relevance. Failure to open correspondence from a regulator is rather like failing to hand over a school report to parents – you can ignore it, but it won’t go away.
As the Law Gazette has reported, however, it is for this very reason that email addresses purporting to be from trusted senders are a key tool in the cyber-criminal toolbox. A recent spate of ‘Trojan Horse’ e-mails has purported to be from the Law Society – and, ironically, included a subject line apparently notifying the recipient of fraudulent activity. A combination of a recognised sender and an alarming subject is very much a win-win for the cyber-criminal, ensuring a good rate of viral infection (though the eagle-eyed might well have spotted the peculiar email addresses, in which a random series of letters and numbers preceded the more usual @lawsociety.org.uk).
The need for chambers and firms to implement a sound cyber-security strategy has never been more urgent. With each foiled attempt, cyber-criminals devise ever more inventive means of attack. A recent development is the ‘drive-by’ or ‘watering-hole’ attack, which would not look too out of place viewed over popcorn. Websites likely to be browsed by the target – such as a legal news website of interest to a barrister – will be compromised, so that when the target opens the site, a virus enters as they browse, eventually infecting the entire network.
There are, of course, innovative legal tech developments to assist lawyers with maintaining the security and integrity of their IT systems. Indeed, the SRA has recently commended the Cloud as a secure data storage and sharing option. You can pocket a USB stick containing confidential client data, but hacking Cloud storage and – more importantly – decrypting the data is a formidable task beyond the means of most.
Providing a safe, confidential and expert service to clients in the twenty-first century legal landscape demands a willingness to engage with tech innovations – but with that willingness comes risk. Failure to protect clients by protecting data leads not only to reputational damage and financial loss, but can bring stringent punitive measures from the regulators.
Moving towards IT solutions such as eDiscovery, secure 24-hour access to shared data storage and digital bundles should be matched with a rigorous cyber-security strategy. It is therefore essential to work alongside litigation support professionals such as Legastat, who will place cyber security at the heart of their work - helping to protect you, and safeguard your clients.
For more information about Legastat:
Contact us on 0800 064 0204
Follow us on Twitter
Email us at firstname.lastname@example.org
Find us at www.legastat.co.uk