Information security

Why this risk matters

  • Solicitors and firms handle very sensitive information. If that information is lost or stolen, it can harm their clients’ interests.
  • Written information can be lost or stolen, and cannot easily be encrypted.
  • Protecting electronic information presents challenges, as cybercriminals do not need to be physically present to access it.
  • The General Data Protection Regulation, in force from 25 May 2018, will change the rules relating to protecting personal information. Solicitors and firms need to be prepared.

Trends

  • Cybercrimes and scams aimed at stealing information include:
    • Malware – harmful software that includes viruses and ransomware programs. Ransomware encrypts files and demands a ransom in return for a decryption key.
    • Phishing and vishing – where a criminal uses email or telephone to obtain confidential information, such as a password, through building a personal relationship with a solicitor or law firm employee.
    • CEO fraud – where a criminal impersonates a senior figure at a law firm, by hacking or by purchasing a very similar email address, to impose authority and order money transfers.
    • Identity theft – where bogus firms copy the identity and brand of a law firm.
  • We receive around 40 reports of confidentiality breaches each month. All solicitors and firms must take care to understand the threats and how to avoid them.

Actions

  • Many threats to information target people, rather than electronic systems. Firms should train staff to recognise common scams. Our paper, IT Security: keeping information and money safe, has more information on common scams.
  • Non-electronic information can be protected by steps such as locking files away at night, and being careful not to discuss sensitive information on the telephone where others can overhear.
  • The best defence against ransomware is a backup that is not constantly connected to the firm’s system.
  • The government-endorsed Cyber Essentials scheme can help firms check that they have a secure system, and offers different levels of certification to suit different sizes of business.

Further information