Protecting client data in the digital age

The news is often awash with stories of celebrity photos and videos being leaked online, but the current headlines giving the source of the stolen data as an online iCloud hacker should make every law firm sit up and listen. While the latest celebrity leak
is one of many, the worrying manner in which this information was obtained makes it truly newsworthy.

In the wake of such headlines, there has never been a better time to reconsider your firm’s cyber security policies. Just how safe are your systems and what steps should you be taking to keep them secure?

For those who are not aware, the celebrity photos in question were hacked from Apple’s iCloud, a virtual storage system that automatically backs up iPhones and iPads. The jury is still out on how hackers got into the iCloud, but firms should waste no time in considering steps that they should take to make their data more secure.

While the information
leaked was embarrassing for
the celebrities involved, that information belonged to
them and not their clients.
The financial and reputational damage to a law firm from the hacking of client data
could cause their business
irreparable harm.

Corporate risk

For those who have largely missed the cyber security train, this story should reinforce the principle that cyber security is no longer a task that can be delegated to one person in the IT department. Cyber security
is a board-level corporate risk.

To use this particular example, one of the best ways to make your iCloud account more secure is to enable two-factor authentication, which involves combining your password with a pin number that can either be sent to your phone by text or by using an app. The process means that
any hacker will require more than just your username and password to hack your account.

But although the technology is there to respond to this type of threat, protecting your firm from this kind of cybercrime does not end there.

Any IT adviser worth their
salt will be able to build you a state-of-the-art defence system, which is of course critical for protecting information.However, actually understanding what needs protecting requires a little
more thought and business leadership. The stark fact that human weakness can be a greater cause of vulnerability than the IT system itself is often overlooked, so training and awareness are key.

Guessing passwords

While technical defences such as the two-factor authentication for the iPhone will help, there
is no substitute for the old-fashioned method of picking a good password. It is one of the best defences we have against cybercrime but it is often the one we take the least seriously.

Most individuals will want to use a password that is easy to remember, such as their surname, date of birth or pet’s name. However, any personal details are the first guess of any hacker. Firms need to be aware that their employees may provide a good deal of personal information on social media which can easily be gleaned
by potential hackers.

The simple step of making your employees aware of,
first, how to best protect their devices using harder-to-hack passwords and, second, how to avoid oversharing their personal data on social media, can really make a difference.

With awareness of cyber security increasing, particularly following the recent headlines, more and more clients will require any law firm acting
for them to have proper systems in place to protect their information. To ensure they keep their business, law firms must take cyber security seriously or face losing out
to firms that do. SJ

Eleanor Kilner is a solicitor at Weightmans