LEGAL SERVICES & LAW FIRMS
Law firms are the custodians of a lot of sensitive and valuable data, making them an increasingly attractive target for cyber-attacks.
Download our whitepaper to see where you stand with your current cybersecurity posture.
Regulations and fines
Data security laws vary by location.
It is the law firm’s responsibility to be aware of its legal obligations and the applicable regulations in the event of a breach.
SOME RELEVANT REGULATIONS

CPPA (PIPEDA)
The Office of the Privacy Commissioner (OPC) in Canada will now have the authority to audit any organization's privacy practices, enter into compliance agreements with non-compliant organizations, and refer matters to a newly created Personal Information and Data Protection Tribunal, which will be established under the Personal Information and Data Protection Tribunal Act.

GDPR
In 2018, Europe enacted a uniform data protection regulation, the General Data Protection Regulation (GDPR), to help address worldwide needs for improved data security. GDPR demands better protection of personal data belonging to EU citizens, with the goal of unifying the legal environment for businesses managing personal data.

CCPA
The California Consumer Privacy Act (CCPA) was launched in 2020 by the state of California, with the goal of mirroring the GDPR and requiring better personal data protection for California residents.

SHIELD
Similarly, the Stop Hacks and Improve Electronic Data Security Act (SHIELD) was introduced in New York, requiring any business in possession of personal data of New York residents to implement "reasonable" security precautions and also strengthening the data breach notification requirement (already one of the strictest in the United States).
Building a practice in house?
Shortage of cybersecurity resources
The lack of manpower is perhaps the most significant concern for firms that are scaling up or trying to set up new practices, but still rely primarily on manual processes for their cybersecurity programs.
According to ESG’s research, more than half of organizations believe they are experiencing a “problematic shortage” of skilled professionals, resulting in increased workload for current employees, junior employees being hired for positions that require experience, and too much time spent on crisis resolution rather than training (some two-thirds of professionals say they are too busy to keep up with skills development and training).
Because of the high demand for competent individuals, nearly half of all cybersecurity specialists were asked to consider a new job at least once a week, according to one study. In some sectors, such as healthcare, the percentage is closer to two-thirds.


Building a cybersecurity practice is expensive
Even though cyber-attacks are on the rise, job openings for cyber security specialists remain unfilled — why?
The simple answer is that building in-house cyber security expertise is expensive! Furthermore, cyber security is itself a complicated science, and threat detection alone requires a variety of roles and skill sets, as well as years of expertise evaluating threat behavior.
Managing all of these, combined with the increasing complexity of tech stacks, requires a high level of competence, which comes at a premium cost.
What are others doing?

Types of cyber-attacks
– Denial-of-service (DoS) and distributed denial-of-service (DDoS)
– Man-in-the-middle (MitM)
– Phishing and spear phishing
– Drive-by download attacks
– Password attacks
– SQL injection
– Cross-site scripting (XSS)
– Eavesdropping
– Birthday attacks
– Malware and Spyware

Best Practices
– Have an incident response plan in place
– Create plans for security awareness training
– Institute formal policies
– Have a leader to run the cybersecurity policies and program
– Have a backup strategy in place
– Use enterprise antivirus software
– Ongoing software patching
– Have an access and governance plan
– Secure file and data transfers
– Have email security systems in place