The Optus data breach is a timely reminder that cyber-attacks can impact even the largest of organisations. With cyber security now a hot topic following the Optus event, we wanted to check in with some advice on how to continue to protect your clients and law firm from cyber-attacks.
Cyber security is mandatory
Cyber-attack attempts are a daily occurrence for many businesses – so we want to make sure you are prepared against them. If you haven’t reviewed your cyber security in the past 12 months, make it a priority now. All your digital assets are subject to cyber-attacks; social media, websites, emails and mobile phones can be compromised. Individuals, sole practitioners and small or large business are not immune. Start reviewing your cyber security with this simple guide from the Australian Cyber Security Centre.
Train your staff to spot cyber-attacks
One of most important actions to take is educating all of your staff about cyber security. Investigate available resources and start building cyber security awareness in all your staff through regular education. Your staff must be equipped to recognise the signs of a cyber-attack: a malicious email, phone call, or message is all it takes. Human error is often cited as the reason cyber-attacks infiltrate businesses. Your staff need to know how to keep your data secure as the last line of defence. Ensure your firm has password managers in place and staff never share their passwords with anyone.
Protect every password
If you don’t have two-factor or two step authentication on your accounts, you are at higher risk of a cyber-attack. Two-factor authentication requires you to enter an account password and a one-time code sent to an email or mobile number. By having two steps, you decrease the chance of a hacker accessing or hijacking important information. A password manager program is another tool to implement in your law firm that provides secure management of passwords, providing further protection against human error.
Get professional cyber advice and insurance
You have an obligation to protect your client’s data at all times, so engage the services of a cyber security professional for your business who can assist with your cyber security needs. A cyber-attack is not only a terrifying prospect for your business; it can be life-altering for your clients, leading to further ramifications if you haven’t taken every preventative step to prevent it. Doublecheck your insurance covers a cyber-attack and adequately covers you because if it happens, you need to be as prepared as possible; the impact of a cyber-attack could potentially cripple your business.
Create a cyber-attack marketing plan
If the worst does happen, you need a plan to protect your reputation. Include in the plan how you will advise your clients about what has occurred, how to communicate your progress in rectifying the situation, and what you will do to further protect client data in the future. The key is to communicate promptly be honest and be mindful of your clients concerns. By having a marketing communications plan ready and pre prepared it means careful thought can be given. Then when a cyber-attack happens, you can hope to limit damage as much as possible, doing your best to retain your reputation and enable a return to business as usual in a shorter timeframe. As part of your marketing communications plan, a PR campaign will need to be implemented to manage the firm’s reputation with the general public to limit the damage caused by the cyber-attack.
The Victorian Legal Practitioners Liability Committee has put together an excellent resource that would be worthwhile for your firm to review in detail, offering practical information to help lawyers be cybersafe. Click here to read more.
Cyber-attack prevention is better than a cure
If you need advice, please use the below resources to help guide your law firm on cyber security options.
Helpful links to know about Cyber Security
- Victorian Legal Practitioners Liability Committee
- Get started or refresh on cyber security basics with guidance from the Australian Cyber Security Centre
- Australians impacted by cyber security incidents can contact [email protected] or 1300 CYBER1 (1300 292 371).
- Report all cybercrime and cyber security incidents via ReportCyber.
About the author
Peter Heazlewood is a management and marketing consultant, he specialises in helping law firms develop their practices using business planning marketing and performance reporting techniques refined in his own successful law firm. Peter lives in Sydney with his wife and is the father of five adult children.