One of the biggest threats to a law firm is undoubtedly a cyber attack. Not only can it disrupt your systems and prevent you from carrying out chargeable work, it is also a reputation killer. If you mention the words “cyber attack” to any law firm, its enough to induce fear and this fear is justified, especially with cyber crime on the rise.
According to Natwest’s Legal Benchmarking survey, as many as one in four law firms have experienced a cyber attack. This is an alarming number.
So why law firms? Well, law firms hold valuable data about clients and individuals as well as large sums of client money – bringing it all together it makes them an ideal target. From May next year, the EU’s General Data Protection Regulation will come into force and businesses that handle EU citizens’ personal data will have just 72 hours to inform data subjects of a breach.
This means that we are likely to see a greater number of cyber attacks being made public.
A lot of money these days is invested into technology to prevent a cyber attack from occurring in the first place, but IF it does end up happening to your law firm, what steps should you take to protect your reputation?
The first step is to make sure there is a detailed plan for communication in the wake of a cyber attack. A recent Solicitors Journal article sets out that the plan should include the following:
- Internal communication with trusted spokespeople
- External communication with trusted spokespeople
- A chain of command for escalating enquiries
- Scripts for reception staff so they know what to say to clients and media
You should also plan out possible scenarios that may happen during a cyber attack and how it affects you, so if an attack does occur, you know how to deal with it. It is also worth investing time into a Q&A document that rehearses possible questions people may ask you.
If the need should arise, it is worth preparing reactive media and client statements ready to distribute. When writing reactive statements, you should always be honest about the situation that has occurred, don’t deny the situation and always put a positive spin in the closing statement.
Finally, it is wise to run through all of these measures as regularly as possible. A cyber attack can happen to anyone at any moment so it is important to be prepared. However, it is worth noting that all the planning in the world may not stop an attack from happening, as criminals are getting ever more sophisticated. That being said, it is better to have protocols in place if it does happen for damage limitation.
To find out more about Hawsons Cyber Security, please click here.