In the typical law or accountancy firm, it’s always the partners who are looked upon to spearhead change and keep the practice moving forward with the times.
But while the partners might know the industry inside out, they’re rarely specialists in IT - and many under-appreciate the growing need for enhanced cyber security as part of that forward-planning.
This lack of awareness isn’t just confined to legal and accountancy firms. A recent government survey found that only 16% of boards in the UK’s FTSE 350 companies truly understand the crippling consequences cyber threats can have.
More than a quarter of respondents (28%) failed even to acknowledge that the risk of a cyber threat is ‘high’.
If this sounds like the partners in your firm, it’s vital that you get them to take online risks seriously. Indeed, given the potential threat of loss and disruption that comes with inadequate defences, you might be putting your own job at risk if you don’t…
In this blog, we’ll identify a strategy for how to get your partners on board with cyber security, and ensure the business is better protected as a result.
Communicate the consequences
Given the apparent lack of understanding around the consequences of cyber attacks, the obvious starting point is to spell out the potential impact to your partners.
Cyber threats come in myriad forms of course, but almost all can cause financial and reputational damage - the two being almost intrinsically linked.
A cyber attack that brings down your firm’s systems and services even for a short period could leave you unable to perform fee-earning work. It will cost the business financially to get back up and running in the short term, while the downtime could lead to an erosion of client trust that ultimately hurts the business in the long term.
An incident of data theft or loss, meanwhile, will inevitably impact your customer relationships, likely resulting in the loss of clients. More than that though, the stringent regulation that now exists around data breaches means you could be subjected to significant fines or costly investigation.
Indeed, since the introduction of GDPR in 2018, the potential cost of a personal data breach has never been higher. In the most serious cases, the fines levied can be as much as 4% of your turnover - a devastating blow to any business.
With so much at stake, it’s important to make your partners aware of the multi-faceted effect of cyber attacks - and how even a ‘minor’ breach could snowball into reputational damage, lost clients, increased insurance costs and worse.
Carry out a gap analysis
While some business leaders need a more thorough understanding of cyber crime consequences, others simply don’t recognise they’re at risk at all.
For many, cyber attacks are things that happen to other people, or are exclusive to global giants.
As well as communicating the potential impacts of an attack, you therefore need to evidence your firm’s current vulnerabilities. Show the partners how and why you’re susceptible to a cyber threat.
Common areas of weakness in law firms’ cyber security generally include things like poor password management, unnecessary admin accounts, a lax Bring-Your-Own-Device policy and insufficient email security standards - but you should carry out a gap analysis to identify and illustrate your firm’s specific weak points.
As a guide, this gap analysis should cover all of the above potential vulnerabilities, as well as looking at things like your wi-fi access, software patching, anti-virus provisions, network security and more.
While highlighting the policies, systems and software that could be prone to exploitation, a gap analysis should also identify the steps you need to take in order to bring standards up to scratch - bridging the gap between your current state and best practice.
Use these steps to create a clear action plan you can share with your partners, rather than just going to them with a problem.
Develop, improve and test your plan
Documenting a cyber security plan helps formalise your approach, making it easier to bring partners on board and to cascade the strategy to other members of the team.
But a cyber security plan shouldn’t be a one-off project. With online threats and data legislation ever-evolving, it’s a plan that will need to be constantly updated and revisited in order to minimise risk and maintain compliance.
Part of your strategy should also include a continuity plan. As much as your enhanced security measures should protect the business from incidents, your teams need to know how to respond if something should happen.
These back-up protocols should be regularly tested too. According to the FTSE 350 survey, only around half of businesses (57%) actually do so - but by putting in place firm policies and frameworks, you can ensure continuous monitoring isn’t overlooked.
Over time, these policies will become second nature among your teams, creating a cyber security culture right throughout your firm.
With online threats rising all the time, and data privacy an increasingly hot topic, law firm partners have to be made aware of the importance of cyber security.
To that end, our webinar on the ‘security risks that come with an increasingly complex IT landscape’ could be a key weapon in your armoury.
But while highlighting the potential consequences of a cyber attack is key to getting the message across, it’s equally vital to assess and illustrate the firm’s current vulnerabilities - in order to formulate a plan with which the partners can get on board.
With cyber-attack methods changing by the day, that plan can’t afford to stand still either. You’ll need to evolve, revise and test your security protocols on a regular basis going forward.
Watching our webinar on managing cyber security risks from an IT perspective will help you find your way with your plans, and help you stay one step ahead of ever-increasing online threats.