Law firm strategies for cybersecurity challenges

CTS, in collaboration with LPM Magazine, conducted an exclusive roundtable discussion that brought together distinguished industry leaders from law firms across the country. The main focus of the event was cybersecurity and how law firm leaders, whether technical or non-technical, can contribute to keeping their firms, data and clients secure.

CTS, in collaboration with LPM Magazine, conducted an exclusive roundtable discussion that brought together esteemed industry leaders from law firms nationwide. The topic of this event was centred around cybersecurity and what law firm leaders, both technical and non-technical, can do to help keep their firms, data and clients secure.

The discussions centred on these key issues: monitoring the changing security risk and how to review strategy for managing it, deciding where and when to invest in updated or new security before it’s too late, and optimum threat response and business continuity planning. Amongst our roundtable delegates, we were joined by representatives from Amphlett Lissimore, Coles Miller Solicitors, rradar, Sharpe Pritchard and Maurice Turner Gardner.

In its June 2023 report, the National Cyber Security Centre emphasised how evolving work patterns, accelerated by the COVID-19 pandemic, and the rising complexity of cyberattacks have rendered law firms more vulnerable. To kick off the discussion, the roundtable attendees were asked: “How do you identify and stay updated on emerging security risks?”

Identifying threats via media monitoring

After a brief mention of a recent news story about a law firm being reprimanded by the ICO due to an unreported data breach, one panellist emphasised the significance of monitoring the news and media as a critical practice for law firms aiming to stay informed about emerging cyber threats. News outlets and media sources offer up-to-the-minute updates on cybersecurity incidents and evolving threats, allowing law firms to gain valuable insights into the tactics used by cybercriminals and, consequently, strengthen their own security measures.

Another participant recommended leveraging online industry resources, like the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO), for valuable practical guidance. Echoing this sentiment, another delegate championed Cyber Essentials as a valuable resource for law firms lacking Managed Services Provider support or extensive cybersecurity knowledge and experience. Cyber Essentials, a government-backed program, effectively aids senior leaders in organisations of all sizes to protect against a broad range of common cyberattacks.

A Cyber Essentials certification provides law firms with enhanced cybersecurity, increased client trust, regulatory compliance support, a competitive advantage, and streamlined security practices, all contributing to effective risk mitigation.

Artificial Intelligence: obsessed or opposed?

Digging deeper into the discussion of security concerns, the panel was questioned whether they or their respective firms had considered the influence of Artificial Intelligence (AI) on security. The roundtable facilitator also noted a varied response they had observed concerning generative AI, including ChatGPT. ChatGPT, an AI-driven natural language processing tool, facilitates human-like conversations and performs various tasks, including answering questions and assisting with writing tasks, such as emails, essays, and coding.

While it holds promising benefits, its potential risks remain uncertain, which is why one delegate’s firm has taken a cautious approach by completely blocking the tool on internal work devices. Their concern centres around the challenge of controlling the data that end-users may input and where this data may ultimately be transmitted or stored. Considering other forms of artificial intelligence, another delegate highlighted their firm’s active use of AI technology for enhancing security measures.

In their case, the firm has implemented an AI-driven cybersecurity solution, which employs advanced algorithms and machine learning to monitor network traffic and detect unusual patterns or anomalies that may indicate potential security threats. By continuously monitoring network behaviour, the firm can identify both known and emerging threats, thereby fortifying its defence against an evolving landscape of cyberattacks. Fortifying the Legal Firm “Networking events, such as this roundtable, and speaking to similar firms and other industry leaders can be a brilliant way of sharing experiences and strategies and making sure you’re on the right track.”