95% of law firms are not compliant with their own cybersecurity policies

A report released by LogicForce has found that 40% of law firms experienced a breach in 2016 and were not even aware of it.

The report indicates that 95% of firms assessed were not compliant with their own data governance and cybersecurity policies, and 100% were not compliant with their clients’ policy standards.

Moreover, law firms faced frequent threats: on average 10,000 network intrusion attempts and 1,000 invalid login attempts daily.

This news has been further highlighted by the recent malware attack at DLA Piper.

Law firms are a known and open target

Law firms are known to be part of a highly targeted industry because of the volume of trade secrets, intellectual property and M&A activity.

As a result, information security experts are cautioning law firms to be more vigilant than ever before when protecting their information.

How to get secure without breaking the bank

It is important to emphasize that firms don’t have to spend millions of dollars to tighten up their security controls and improve their information security posture. Implementing the latest and best technology isn’t the answer because risks come in various guises and should be tackled organization-wide.

Eight steps that law firms can take to reduce their data breach risks immediately:

  1. Conduct an assessment to establish what data needs to be protected
  2. Tighten up security controls
  3. Frequently patch operating systems and applications
  4. Implement two-factor authentication and encryption
  5. Implement a robust information security auditing process
  6. Conduct regular staff awareness training to improve cybersecurity vigilance
  7. Regularly review and update information security plans
  8. Implement a holistic ISMS (information security management system) that addresses information security across people, processes and technology

ISO 27001 provides a proven framework that helps organizations implement an ISMS to protect their intellectual property, client data and corporate information through effective technology and controls, including auditing and testing practices, organizational processes, and staff awareness programs.

By implementing the Standard, a firm adopts a risk management approach to information security, which means regularly identifying and managing information security risks so that its approach keeps evolving to adapt to the latest threats.

There is a reason that ISO 27001 is the third-fastest-growing standard in the world. Nearly 30,000 companies have already taken the step to achieve certification to the Standard, enabling them to reap the benefits of an independently audited security posture. In the USA alone, ISO 27001 certifications are growing at 91% year-on-year.
