How can law firms protect themselves from cybercriminals?

By Oren Speiser
Founding Partner at Granot Speiser Law Office (Israel)

As technology becomes a more integral part of our personal and professional lives, it is little wonder that cybercriminals are expanding their operations to target more organisations.
Some cybercriminals are seeking money, others look to access sensitive data, while others seem to simply relish in causing problems by disrupting systems with cyber-attacks.
As a law firm, you are firmly within the crosshairs of cybercriminals and it is imperative that you protect yourself and your clients.
Yet in an interconnected world, it can feel like a daunting challenge to improve cybersecurity when working across jurisdictions.
In the same way that the Lexlink network enables you to share your legal and cultural knowledge across jurisdictions, that same network can empower you to improve your cybersecurity practices by learning from others.

What are the main risks to cybersecurity?

Some may feel that the challenges of cybersecurity are insurmountable, given the complexity of the systems that are targeted by cybercriminals.

It is true that the technology you utilise can open you up to risks from cybercriminals if it is used incorrectly.

Using outdated software, like the recently discontinued Windows 10, or failing to install the latest updates, can leave systems open to vulnerabilities that are easily exploited by cybercriminals.
However, the main cause of cybercrime is social engineering.

A cybercriminal is far more likely to gain access to data or funds by sending a well-crafted phishing email or using a fake phone call to convince employees to act against their own best interests.

The rise of AI has enabled phishing and scams to become more elaborate than they were previously, with cybercriminals able to copy the voice and likeness of senior staff.

This means that employees may feel that they are following legitimate instructions when they give the cybercriminal access to the system or when they transfer funds.

To combat this, providing robust training to every member of the team as soon as they are onboarded is vital.

This can help them spot phishing emails more easily and know how to respond to spoofed calls or messages.

You are also required to maintain professional back-ups for all information so it can be easily accessed and restored in an event of system blockage.

As part of your cybersecurity obligations, you should also get good cyber insurance to protect you in the event that something does go wrong.

Is there any significant difference in cybersecurity across countries?

Different countries have different legislation that imposes varying rules on technology companies and data protection obligations.

While this is often due to a lack of resources or engagement by those running the country, it need not be reflected by those operating within it.

Understanding cybersecurity best practices and adjusting your approach accordingly will allow you to transcend the obligations and compliance measures of an individual jurisdiction.

In order to maintain client trust and firm integrity, you should endeavour to keep all data confidential and secure.

This means using software capable of storing data in a way that complies with the highest standards of cybersecurity and cannot be accessed by unauthorised individuals.

Alongside this, training for cybersecurity best practices is universal and should not be limited by jurisdiction.

Phishing and social engineering are risks wherever your firm is based or operates, as these remain the most efficient ways for cybercriminals to access systems.

How can Lexlink members address cybersecurity issues?

In much the same way that our members can share legal and cultural advice across borders, we also encourage a collaborative approach to cybersecurity.

This means that firms in countries with higher standards of cybersecurity can use that knowledge and expectation to teach those operating in places where there are fewer obligations.

This will improve the overall approach to cybersecurity in the network and further the mission of Lexlink to drive up standards across the globe.

We all benefit from the professional connections forged as part of the network, so be sure to share your cybersecurity tips with colleagues in different jurisdictions.

For more help and guidance about the support we offer for cybersecurity, be sure to get in touch with our team today.