In the third of our ‘A conversation with’ features we spoke with Jill Dovey, Associate Solicitor at Muckle LLP, a highly successful Commercial Law Firm based in Newcastle upon Tyne on the cybersecurity issues the sector faces.
XQ: What do you consider to be the biggest cybersecurity issues faced by the legal sector?
Jill: Law firms transact significant sums of money and hold particularly sensitive data so our biggest issues are data breaches and phishing scams. We have a regulatory responsibility to protect client money and assets, and cybercrime can present a significant risk to this. Law Society research found that the amount stolen from law firms through phishing in the first quarter of 2017 was 300% higher than the previous year. The Solicitors Regulation Authority estimates that more than £11m of client money was stolen by cybercriminals between 2016 and 2017.
The National Cyber Security Centre (NCSC) earlier this year published a cyber threat report to the UK legal sector. It also identified ransomware as a significant cyber threat and that law firms’ positions in supply chains can make them an attractive target for cybercriminals.
XQ: The Panama Papers incident must have been a wake-up call to the legal sector, in your experience have you noticed an increased focus on cybersecurity since then?
Jill: Yes, absolutely. I think we were all aware of the risks of cybercrime but the Panama Papers was certainly a turning point that shot this issue to the top of our agendas and put it under the spotlight. This, alongside the introduction of the General Data Protection Regulation (GDPR) in May, has led to extensive reviews of our practices and procedures.
XQ: How in your view can the industry be encouraged to do the cybersecurity basics?
Jill: We need to learn from the experiences of others and be more open to publicising cybersecurity issues so that awareness of the threats and potential mitigating factors is raised. It’s not something that can just be left to the IT team – we are all responsible for being vigilant and taking steps to protect the money, assets and information we are trusted with. The NCSC has launched a legal sector group on the free Cyber Information Sharing Platform (Cisp), which is a great resource.
As a starting point, I often signpost clients to Cyber Essentials and Cyber Essentials Plus.
XQ: What do you think will be the biggest challenges law firms will face in the future?
Jill: Like all professional services, keeping pace with emerging technologies and adapting to the needs of our clients and their businesses as well as our people is the biggest challenge. We are seeing increased usage of AI and Blockchain in particular in the legal sector with some roles and tasks being replaced with technology solutions, such as disclosure reviews. We need to learn to adapt and embrace change even more, which is not easy given most lawyers tend to be very risk averse by nature and slow to introduce new working methods and tools.
XQ: How do you think the legal sector can help close the cyber skills gap?
Jill: Most lawyers today do much more than simply advise on the law. We are trusted business advisors asked to assist and advise in many different situations, given our core skill sets. Raising awareness and sharing our experiences is essential. I was thrilled to be asked to present recently at CyberFest, an event ran by Dynamo North East to raise businesses’ awareness and demystify some of the threats we are all facing.
XQ: What things keep you or your clients awake at night regarding cybersecurity?
Jill: The potential to now be fined up to 20 million Euros or 4% of global annual turnover if that’s higher under the GDPR has been giving lots of us a lot of sleepless nights. Barely a day goes by without some sort of data breach hitting the headlines. Trying to stay one step ahead of the cybercriminals without bankrupting our businesses with the overhead of cybersecurity tools and ensuring we can all do our jobs and access the data we need, where and when we want to, is an ongoing struggle with no end goal in sight.
XQ: Reputational impacts of a data breach can be particularly harmful to a law firm; what measures have you got in place to reduce the potential fallout?
Jill: We have an incident response plan which covers a wide spectrum of threats which may affect our business, including data breaches. Part of this plan considers how we will communicate with our people, clients, business partners and the wider community who may be affected.
We’ve held a Cyber Essentials accreditation since 2013. It’s a national standard that demonstrates we have appropriate and robust protection to defend against cyber threats. We also have Cyber Insurance which helps us to mitigate and manage the financial risks, specifically around phishing scams.
The key in these situations is that we find out about a breach or potential breach, quickly. We have an open, transparent and trusting culture internally where we actively encourage people to report any incidents, no matter how minor they may appear, to our data protection lead so we can respond appropriately.
XQ: What's your advice to clients concerned over information security?
Jill: Talk to the experts. Every organisation is different, what is right for one client won’t necessarily be right for the next and investing in professional advice in this area is essential. It’s not something you can just throw money at and no one tool is going to guarantee you are secure. You need an embedded strategy across your business and whilst your people can be an inside threat, they can also be your best defence in this cybersecurity war.
XQ: Do you encourage a cyber aware culture in your staff and clients?
Jill: Yes. Internally we have an ongoing programme of training and raising awareness which includes our IT team running simulated phishing scams to see if anyone recognises the threat or even provides data they shouldn’t do. For clients, we regularly run events to help raise awareness and publish newsletters and articles on cyber issues to help keep them informed.
XQ: Thanks Jill.
Muckle can be found at https://www.muckle-llp.com/