How can law firms and other organizations take steps to increase their cyber resilience in the face of continuing threats?
There are steps they can take
Several influential reports - as well as numerous news stories - have shed new light on some of the challenges that law firms face when dealing with cybersecurity threats. With cybersecurity breaches increasing and many firms still operating under a more dispersed workforce with increased technology risks, it is more critical than ever before to build a fully resilient cyber-defense business strategy.
Underprepared for significant business threats
Cyber-incidents are topping the lists of the
The
Right now, there are three steps law firms can take to bolster their existing cyber-risk profiles, including:
1. Enhancing hybrid workforce security
Since the global COVID-19 pandemic in 2020, many firms are still operating under a remote or hybrid workforce situation. The distributed nature of today's workforces increases a firm's cybersecurity vulnerability because workers either use their personal computers for work or use their work laptops for some personal tasks. Additionally, third-party apps designed to foster collaboration and increase productivity are increasingly problematic. They could open the door to a cyber-attack because many have limited security tools, their default security options are not optimal, and it can be challenging for IT teams to access an app's cybersecurity settings.
Do your employees have the right skills to protect against cyber-attacks? One way to educate employees is to conduct cyber-crisis exercises. Best practices suggest this must happen more than once a year. A report in Dark Reading, a widely read cybersecurity news site, provides a benchmark for employee cyber-resiliency: 'An analysis of more than 6,400 crisis response decisions shows that technology and financial services companies prepare the most for cyberattacks, running nine and seven exercises per year, respectively.'
2. Strengthening the partner ecosystem
Three-quarters of the CEOs in
What can you do to beef up your partners' risk profiles? Experts recommend an approach that focuses on three Cs:
Tightening contracts and compliance to introduce additional controls and restricted access for third parties;
Exploring avenues for collaboration and community to share intelligence and increase knowledge; and
Increasing cooperation; because this issue is both global and systemic, it is challenging for a single function (IT) or entity (your firm) to do this alone. Exploring intra-industry, cross-sector, and public-private paths is essential to mitigating future cyber-risks.
3. Staying on top of technology innovations
The nature of cyber-attacks is that they are constantly evolving. While malware, ransomware, phishing, and social engineering attacks are common, newer technologies pose new risks. Security software company Symantec reports that, on average mobile app stores block 24,000 malicious mobile apps daily; while others have noted cybercrime is becoming more scalable and, therefore, more accessible for bad actors to launch more sophisticated attacks.
Indeed, the increased frequency of attacks is happening as experts are starting to realize the limitations of traditional risk-prevention methods such as standard password authentication, static networking, and trust-based security systems. But technology advancements also provide a way to mitigate this risk. Some of these are the ability to learn and modify behavior based on insights from artificial intelligence, machine learning, and adaptive networks technologies.
Given that October is National Cybersecurity Awareness month in
(C) 2022 Electronic News Publishing, source