Cybercrime has been a thorn in the side of businesses for years now, but the move towards remote and hybrid working has made things a whole lot worse.
Tessian research has found that a third of organisations faced an increased threat of phishing attacks during the lockdown period. Meanwhile, in the legal sector specifically, the amount of client money stolen from UK law firms in the first half of 2020 was £2.5million, more than triple the amount from the first half of 2019.
This new wave of cybercrime has forced law firms to reconsider their security provision, and assess whether their current approach is suitable for a long-term future where hybrid working is likely to be commonplace.
Why has cyber crime increased in the legal sector?
Before determining what the solution is, it’s important to understand the root of the problem. There is no single ‘smoking gun’ to explain why cybercrime has gained so much traction in the last year or two; instead, there are several different factors at play:
Lack of protection: the robust, enterprise-grade security that protects data, devices and applications in an office do not necessarily extend to employees’ at home. This was particularly the case at the start of the pandemic, when many organisations bypassed their usual procedures to get home workers set up more quickly. Many cybercriminals have exploited the relatively low security standards applied to home-working, where the likes of antivirus or anti-malware scans may not be run regularly, and enterprise prevention and detection measures are absent.
Misplaced devices: employees moving between different working locations (e.g. between home and the office) are at greater risk of loss or theft of their devices - and the information and system access within them. This can affect even the most sensitive and secure of information, such as the classified Ministry of Defence documents recently found at a bus stop.
Stress and anxiety: at a time of crisis such as the pandemic, it’s human nature for people to seek out information that can inform and reassure them. Some cybercriminals have taken advantage of this to disseminate fake coronavirus news websites that have turned out to be phishing scams. At a time when, according to Deloitte, the average remote working data breach can cost a company £98,500, this can have a serious impact on a business.
Human error: working from home can bring a whole new level of distractions to people during their working day: family, visitors, pets, household chores, the TV on in the background and so on. With less focus on their tasks, employees can easily make mistakes that compromise security, such as giving system or data access to the wrong people.
How can law firms protect hybrid workers?
The good news is that addressing these issues doesn’t necessarily have to be complex. Much of it is simply applying the fundamental principles of good security practice in a different context that covers the different locations and circumstances that employees are working in. These include (but aren’t necessarily limited to):
- Antivirus: extending licences for antivirus and anti-malware solutions for employees to use on personal devices
- Awareness: regular briefings on security best practice and likely phishing attack methods can help develop a state of vigilance among the workforce
- Home security: encouraging stronger protection for remote workers through better passwords and VPN use
- Regular reviews: a constant approach to assessing security solutions should be taken, encompassing identification of weak spots, and business continuity plans in the event of a crisis
At a more technical level, law firms should also explore the solutions that a partner can provide, which can then help them use the likes of host checking, intelligence, risk management and zero-trust to further ramp up protection across the business. But in a climate where cybercrime is still on the rise, and the legal sector is still struggling to adjust to a sea-change in its working practices, there’s no time to lose in ensuring hybrid work is safe work.
Oosha’s Digital Workplace solutions have built-in protection that’s designed with law firms in mind. But for those with a solution already in place, security cannot wait until your next IT review. Our Managed Security solution can help you ensure complete security of your sensitive information.