³ÉÈËÓ°Òô

Over the past few months, many professional services and law firm employees have had to handle the switch from office-based work to remote working - some for the very first time.

This has come with a whole host of complications, especially within law firms, as previously long-established methods for dispute resolution and transactional work were transferred to virtual means in a short space of time.

In addition to security vulnerabilities brought about by the switch to the home-office, the ever-changing flow of news, laws, and guidance on the coronavirus pandemic has meant it is hard to keep up, and to know what sources are reliable anymore.

It is trickier to identify what is official and what is not in such an environment. It is not surprising that reports of cyber-attacks during the coronavirus have been widespread, for a whole host of reasons. Last month, both the and global car manufacturer reported cyber-attacks that affected their operations.

The sharp jump in remote working has almost certainly been an enabling factor for cyber-criminals. Much of the legal sector is a favourable target for these criminals; law firms handle large amounts of sensitive client information, data and money.

Coronavirus is providing an additional challenge for the legal industry, which was already being increasingly affected by cybercrime. According to an , the National Cyber Security Centre found that ‘ 60% of law firms in the UK reported experiencing an attack in 2017; a rise of 20% from 2016.’ It is no wonder, then, that in the hasty transfer to digital working earlier this year, the SRA issued a warning to law firms in April, advising them of the increased risk of cybercrime which could be targeted at law firms during lockdown.

However, the legal industry is not only vulnerable themselves; they also are often involved in legal action which may result from the consequences of a client being targeted by a cyber-attack incident. In recent years, law firms have needed to adapt handle complex and new legal challenges brought about by data breaches caused by attacks. For instance, in May this year, when , Lexology reported that law firms sought to help clients to recover damages in relation to the data breach caused by the attack, where third parties were able to access customers’ personal data.

Some law firms now have reporting systems in place, that help clients with preparing for the initial handling of cyber-attacks. Other ways to help prevent cyber-attacks include widespread employee training to build awareness of fake emails, disseminating clear guidance of what actions to take in the event of an attack, and putting in place insurance to cover cyber risks.

Whilst the success of digital proceedings in some courts - such as the commercial courts - has led to speculation that digital court proceedings could pave the way for the future of law, this could potentially lead to more cyber risk going forward. In the past, the legal sector has generally been reluctant to move from its traditional model of established system. This model has been forced into digitalising, but the transition must be handled cautiously, if cybercrime is to be effectively prevented.

Further reading

Cybersecurity & cybercrime guidance

Pandemic management—information and cybersecurity—challenges and practical responses

Training materials—cybercrime and cybersecurity

Social media activity monitoring form

Getting the Deal Through: Cybersecurity 2020

GDPR compliance—managing personal data breaches Practice Note

Cybercrime—issues threats and vulnerabilities