Perhaps inside the Legal Department is the most critical space where confidentiality and data security are imperative. Departments function better when their data is functional, accessible and secure.
Here are three vital steps to take in 2019 to combat cybercrime in your legal department :
1: Increase Cyber-budgets
2019 will see a greater chunk of annual budgets devoted to defending against cyberattacks. Consultancy group EY in their 2018 EY Global Information Security Survey (GISS) found that high-profile breaches have primed two-thirds of companies to increase their cyber security budgets by at least 5 per cent over the next year. However, within the same survey, 87% of organisations do not yet have sufficient budget ‘to provide the levels of cybersecurity and resilience they want’. For small or medium sized Legal Departments unable to expand their budgets or those reluctant to increase spending, the focus should shift to 3 core areas to best protect themselves.
1: Identify and protect key data
2: Review data weaknesses, data access and potential technology blind spots
3: Upgrade and invest in technologies that provide dual functionality like DiliTrust Governance
2: Implement Staff Training and Shifting the Focus to People-Centric Security
Human error still accounts for the vast majority of data breeches. According to an IBM report , “over 95% of all [security] incidents investigated recognize ‘human error’ as a contributing factor”.
According to IBM the most common errors are the following:
- system misconfiguration
- poor patch management
- use of default user names and passwords or easy-to-guess passwords,
- lost laptops or mobile devices
- disclosure of regulated information via use of an incorrect email address.
Legal Departments can benefit hugely from notifying and training staff about the most common of all human errors, double clicking on an infected attachment or unsafe URL. Therefore, to proactively tackle human errors, businesses and Legal Departments alike need to focus on people-centric security.
3: Increase cybersecurity awareness at leadership level
A definitive cyber security plan is everything. For medium and large Legal Departments, it is imperative that management should regularly report their findings to the CTO/CIO and the top tier management about data security pitfalls and development.
Rising awareness in leadership has been well documented in 2018. 66 per cent of 1000+ C-level executives who were surveyed by a 2018 Stripe and Harris poll found that security and data breeches was their biggest threat in business. Among Law Firms the concern is greater, as 82 per cent of those surveyed by PWC in 2018 of the top 100 law firms say that they ‘are somewhat or extremely concerned about cyber’.
But 2019 may prove to be the year that data security moves into the frontline for Legal Departments. EY in their 2018 GISS poll found that of the 1200 respondents surveyed, “77 per cent of organizations are still operating with only limited cybersecurity and resilience”. In comparison only 27 per cent of respondents to a PWC 2018 survey of Law Firms said that they ‘were very confident that their IT Disaster Recovery testing has fully demonstrated that end to end operable services can be recovered in line with business recovery requirements’. It is clear that at leadership level, awareness and planning are crucial elements for Legal Departments to remain agile and primed to react to any cyber-attack.
Our technology is compatible with your privacy. As a French owned company, your private data is stored in France, Canada and the UAE and is not subject to U.S. data legislation. Your data stays your own with our secure software solutions. DiliTrust Governance is a collaborative legal platform to streamline, centralise and organise all legal activities in your Legal Department. DiliTrust Governance allows users to get strategic about data management and data security. To find out more about how our solution can seamlessly support your Legal Department book a free demo here today.