Cyber security: what’s important for practitioners?

26/10/2023 00:00:00

See the key areas to focus on for mitigating the risk of online attacks.

As part of the Technology Committee’s focus on cyber security, Law Society Practice Support hosted an information session with Tanya Moeller, Vice Chair of the Technology Committee, to discuss the recent Gazette articles on cyber security. The session explores what practitioners can learn from these articles. Watch it on YouTube or listen via SoundCloud below.

Fighting cyber crime in the office – cyber security tips

  • If something doesn’t feel right, it normally isn’t: Irish law firms have been victims of increasing numbers of sophisticated and complex cyberattacks in recent years. Human error is still the main cause of cyberattacks but, by training staff to recognise suspicious emails and attachments, these attacks can often be prevented. Changing staff behaviour is important to identifying and preventing threats and attacks.

  • Do you have a plan? Carrying out a risk assessment is important to best understand the vulnerabilities in your firm. It is best completed by a qualified third party if possible, to ensure an unbiased report and outcome. An assessment involves technical and non-technical aspects. Put a plan in place to respond to a cybersecurity attack.

  • Train your staff: Provide regular training to staff on cyber security. Encourage staff to report suspicious emails and ensure they understand the firm’s cyber security processes. Double check and verify all details through a second communication channel, and get another person to confirm details on important contracts and transactions.

  • Help your colleagues by reporting a cyber incident: Making your colleagues aware of an attack helps improve prevention and avoidance of possible successful attacks. Reporting can be done anonymously via the Law Society online report form.

  • Cyber Security Insurance: The standard Professional Indemnity Insurance cover only indemnifies practitioners against the loss of client funds. It does not cover the practitioner's own losses or costs in the event of a cyberattack, but separate dedicated cover is available. Brokers can advise on the appropriate cover for your firm.

Cyber security checklist

  1. Carry out regular risk assessments.
  2. Develop and regularly update a plan for recovery.
  3. Regularly train employees to recognise suspicious emails and attachments.
  4. Limit personal use of business email and browsers.
  5. Create strong passwords and change these regularly with agreed protocol.
  6. Create safe ways to work when commuting or working remotely.
  7. Avoid open public Wi-Fi networks.
  8. Log out from your computer when finished work or away from your computer.
  9. Choose between hosting information on a local server and using cloud servers.
  10. Avoid using hard drives, such as USB sticks. to transfer important data.

Further information

For more information and resources to protect your clients and practice, see Cyber Security.

 

Justin Purcell is the Law Society’s Practice Support Executive.