Cybersecurity basics: 6 top tips for lawyers to ensure their data remains secure

Cybersecurity basics: 6 top tips for lawyers to ensure their data remains secure

 

According to recent ONS figures, there were 1.6 million computer misuse offences in the last 12 months. Although cybercrime affects all types of businesses and individuals, the legal sector is particularly vulnerable to malicious hacks due to the highly confidential nature of client data.

As well as the data protection rules which apply to all businesses under the Data Protection Act and General Data Protection Regulation (GDPR), businesses have an additional obligation to keep client information confidential, under Rule 4 of the SRA handbook. Failure to implement sufficient cybersecurity measures can therefore lead to enforcement action from both the Information Commissioner’s Office (ICO) and the Solicitors Regulation Authority (SRA). Furthermore, a hack can lead to serious reputational damage. So what lawyers do to prevent their data being compromised?

 

The importance of cybersecurity awareness

 

As a first step, all companies and business leaders should be aware of the main types of cybersecurity threat, which include:

  • Password hacking - malicious hackers often use software which automatically attempts to obtain someone’s password by trying to log in to their account over and over again with different permutations of possible passwords until they find one which works - a process known as ‘brute force cracking’.
  • Phishing - this normally takes the form of an email which purports to be from a legitimate business or organisation and invites the recipient to divulge their login details. Phishing emails often have sophisticated ways of disguising themselves and appearing genuine, such as using logos and masking email addresses.
  • Malware - this is software which needs to be installed on a victim’s computer and then works in the background to collect personal data or lock someone out of their own files. Malware is often injected onto a device via a phishing email which encourages the recipient to click o

Subscription Form

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author:
Alex Heshmaty is a legal copywriter and journalist with a particular interest in legal technology. He runs Legal Words, a legal copywriting and marketing agency.