What your law firm can do in the event of a cyber attack

May 8, 2017
Author: Simon Bladen
Simon is one of the firm's Audit Partners. Simon is responsible for looking after the firm’s legal, charitable and not-for-profit clients.
cyber breach

How should law firms deal with a cyber attack?

One of the biggest threats to a law firm is undoubtedly a cyber attack. Not only can it disrupt your systems and prevent you from carrying out chargeable work, it is also a reputation killer. If you mention the words “cyber attack” to any law firm, its enough to induce fear and this fear is justified, especially with cyber crime on the rise.

According to Natwest’s Legal Benchmarking survey, as many as one in four law firms have experienced a cyber attack. This is an alarming number.

So why law firms? Well, law firms hold valuable data about clients and individuals as well as large sums of client money – bringing it all together it makes them an ideal target. From May next year, the EU’s General Data Protection Regulation will come into force and businesses that handle EU citizens’ personal data will have just 72 hours to inform data subjects of a breach.

This means that we are likely to see a greater number of cyber attacks being made public.

A lot of money these days is invested into technology to prevent a cyber attack from occurring in the first place, but IF it does end up happening to your law firm, what steps should you take to protect your reputation?

The first step is to make sure there is a detailed plan for communication in the wake of a cyber attack. A recent Solicitors Journal article sets out that the plan should include the following:

  • Internal communication with trusted spokespeople
  • External communication with trusted spokespeople
  • A chain of command for escalating enquiries
  • Scripts for reception staff so they know what to say to clients and media

You should also plan out possible scenarios that may happen during a cyber attack and how it affects you, so if an attack does occur, you know how to deal with it. It is also worth investing time into a Q&A document that rehearses possible questions people may ask you.

If the need should arise, it is worth preparing reactive media and client statements ready to distribute. When writing reactive statements, you should always be honest about the situation that has occurred, don’t deny the situation and always put a positive spin in the closing statement.

Finally, it is wise to run through all of these measures as regularly as possible. A cyber attack can happen to anyone at any moment so it is important to be prepared. However, it is worth noting that all the planning in the world may not stop an attack from happening, as criminals are getting ever more sophisticated. That being said, it is better to have protocols in place if it does happen for damage limitation.

To find out more about Hawsons Cyber Security, please click here.

Charles Kavazy

Charles Kavazy

Charles Kavazy heads up the firm’s IT services providing independent IT advice helping businesses with data security. He also helps businesses purchase, implement and get the most out of their software and hardware. For more information or advice on anything covered in this article, please contact Charles on ck@hawsons.co.uk or 0114 266 7141.[/author_info]

About this Author

Simon Bladen, Partner

Simon Bladen is the partner responsible for looking after the firm’s legal clients and has worked at Hawsons throughout his career. For more information or advice on anything covered in this article, please contact Simon on slb@hawsons.co.uk or 0114 226 7141.[/author_info]

Free initial meeting

Solicitor Newsletter Sign-Up