Cyber Security in the Legal sector

The large volume of highly valuable commercial information such as client records, banking details, contracts and legal records held by law firms makes these and other professional services organisations a prime target for cybercriminals.

As attacks become increasingly targeted and well-funded, many firms within the professional services sector struggle to defend themselves adequately. Law firms, for instance, are often seen as a weak link in the security chain, as adversaries seek to use them as a conduit to gain highly personal, business-critical or commercially sensitive information about their clients.

Common cyber security challenges in the professional services industry

  • Understanding what data is stored and how vulnerable it is
  • Protecting highly distributed IT infrastructure
  • Achieving compliance with the GDPR and other legal standards
  • Maintaining client confidentiality
  • Meeting the data security and policy requirements of clients
  • Overcoming a lack of in-house security skills and resources

Key security questions for law firms

  • How often is digital infrastructure tested for vulnerabilities?
  • Are suitable controls in place to defend against targeted attacks?
  • Are systems able to identify threats that bypass the perimeter?
  • Are staff sufficiently trained about information security risks?
  • Is there a plan in place to detect, remediate and report breaches?
  • What systems and controls are in place to mitigate insider threats?
  • How is the personal data of clients processed and protected?