News in the Channel - issue #40

CYBERSECURITY FOR LEGAL FIRMS


employed on your network can help detect vulnerabilities as soon as they are reported, so you can patch any potential issues before an attacker exploits them.”

Hybrid working increases the potential of vulnerabilities as employees have multiple access points, adds Phil. “Employees can easily connect to systems that are not secure, exposing confidential and sensitive client information, financial details etc.,” he adds. “According to the 2025 Cyber Security Breaches Survey, 29% of companies in the UK experienced at least one incident connected to remote or hybrid working. Companies must implement clear security policies around hybrid working, showing employees how to secure their data and network. Phishing attacks have evolved beyond email – employees should be trained on what a potential attack can look like, allowing them to alert security teams in a timely manner.”

Effective security

There is a myriad of threats out there, but also various means of helping to ensure data stays secure. “Multi-factor authentication (MFA) is non-negotiable, but it is no longer a silver bullet,” says Dray Agha, senior manager of security operations at Huntress. “MFA is a mandatory baseline for mail identities and VPN access. But we have also observed threat actors bypass it through ‘push fatigue’ (spamming users with approval prompts until they give in) or by exploiting unpatched vulnerabilities on the VPN appliance itself. MFA must be enforced universally, with absolutely no exceptions for senior partners or legacy systems.

“Defence in Depth is the only true safety net, as an effective, mature security posture requires assuming the perimeter will be breached. This means coupling MFA with continuous endpoint monitoring (EDR) and 24/7 telemetry logging (SIEM) to catch anomalies in real-time. If an attacker compromises a VPN credential, strict network segmentation, least-privilege access and behavioural monitoring are what actually stop them from reaching the firm's document management systems.”

Mike agrees that MFA remains one of the strongest defences against credential-based attacks. “But on its own, it is not enough,” he adds. “What is becoming more important is how access is managed more broadly, with a shift towards models like zero trust, where users and devices are continuously verified rather than assumed to be secure.

Contributors

Dray Agha

huntress.com

“For legal firms, the focus is also on visibility. Knowing who is accessing sensitive data, from where, and under what conditions is critical, particularly in hybrid working environments. Encryption plays a key role here as well, ensuring that even if data is intercepted, it cannot be easily exploited.

“Beyond individual tools, many firms are moving towards managed detection and response, where threats are actively monitored and handled in real time. This is where managed service providers play a critical role, giving firms access to capabilities that would be difficult to build and maintain in-house.

“Ultimately, the firms that are better protected are those that treat security as an ongoing operational discipline.”

Mark Challis, head of cyber & AI security at EIP, agrees that MFA is essential. “But it is not infallible,” he adds. “Zero trust

Mark Challis

eip.com

Ryan Davis

culture.ai
