Indicative Quote
Get in touch



Data theft is big business. Tim Jackson examines the growing trend and suggests some measures small firms can put in place to reduce their risk.

No business is immune to cyber-attack. According to Misha Glenny, a journalist specialising in cyber-crime, “there are two types of people in the world: those that know they’ve been hacked, and those that don’t.”

As a recent article from the Law Society spelled out, even basic data such as; client names, addresses and dates of birth can be a valuable asset to fraudsters looking to create new identities or obtain credit in someone else’s name. Very often, firms do not know their systems have been compromised until it is too late.

We live in times characterised by increasing innovation and adoption of new technologies. Lawyers are moving away from traditional desktop arrangements and embracing flexible working on devices such as laptops, smartphones and tablets. Their clients are doing the same; they now expect to be able to access key information about any matter online.

At present, there are around 10 billion connected devices in the world, 1.5 for every human being. By 2020, the number is expected to soar to 50 billion devices. This can only mean more hackers and more victims; no network is ever completely secure.

A 2015 survey of 83 predominantly European companies from a range of sectors showed that political and security instability, including cyber-security, was the top concern by far, with 62% of companies reporting it as an issue.
Three ways smaller law firms can protect themselves

It can be a challenge for smaller companies to invest in security measures, as they lack the giant budgets of multinational firms. However, there are plenty of measures that smaller firms can take.

Data storage
While you might think that storing data on the cloud would make it more vulnerable to attack, in fact the opposite is often true. On-site hardware is easier to hack than a high-quality third-party data storage platform, which will have a team of security specialists shielding it from the latest viruses and attack methods.

Staff training
It is important to remember that traditional hacking tricks such as telephone impersonation are still a threat. For example; fraudsters may call pretending to be from a service provider and request account information or passwords. Training staff to recognise these threats will help reduce risk.

Law firms are required to store client information in accordance with the Data Protection Act 1998, which is soon to be superseded by more rigorous EU data regulations agreed in December 2015. In a small office, it can be tempting to be more lax about security, for example by leaving computers unlocked overnight.