News in the Channel - issue #29

SECURITY FOR LEGAL FIRMS

Network security needs

With the variety of threats out there, network security for legal firms needs to be a combination of technology and training for the employees, says Simon Langdown, co-founder at Essenkay.

“Ensure the legal firm has a risk management plan in place,” he says. “Remember that when transferring and storing data it is not just your organisation’s data security controls and privacy controls that are important. Make sure you have a clear plan for responding to any security breaches so that any damage is minimised.”

Simon adds that when handling highly sensitive data it is essential to encrypt that data to protect from unauthorised access.

“Implement multi-factor authentication (MFA), which is a security process requiring a user to provide two or more verification factors like passwords, text messages on smartphones or biometrics, to ensure only authorised personnel can get access to sensitive information.

“Networks need to be secured with firewalls and Wi-Fi needs to be safeguarded against external threats. Make sure software that is used has up-to-date security patches to mitigate vulnerability. And don’t let employees use their own personal devices to access the system.”

Simon adds that it’s important to educate employees on the dangers so that threats due to human error can be reduced.

Neil notes that DSPM (Data Security Posture Management) is becoming a common approach. “As it has greater real-time monitoring, assessment and remediation than legacy (and often cumbersome) DLP solutions,” he adds.

“Insider threat is also a key area to discuss, whether from accidental data loss (such as phishing attacks) or malicious sharing from compromised individuals, who will be clear targets due to the value of the data. Sending emails (and confidential data) to the wrong recipient is also a common source of data loss, and while not a cyberattack, it’s a data breach that could easily result in a financially damaging fine.

“Business email compromise also encompasses insider threat, where individuals can be targeted and exploited to transfer funds inappropriately, especially where smaller firms may not have robust or formal processes in place that can enforce verification.”

More than a padlock

VimalRaj Sampathkumar, UKI technical head at ManageEngine, adds: “When it comes to network security, legal firms need more than just a padlock on the door, they need an entire security fortress. First and foremost is the zero trust approach: never trust, always verify. Every device and user must prove their legitimacy before gaining access. MFA acts as the double-locked vault, ensuring only authorised personnel pass through the gates.

“Encryption is a digital shield protecting sensitive data, making it unreadable to prying eyes. Endpoint detection and response (EDR) works like a high-tech security camera, spotting and neutralising threats before they can wreak havoc.

“Regular security audits are the legal firm’s version of due diligence – ensuring compliance and catching vulnerabilities before attackers do. This is not to forget the human element. Staff training remains the strongest firewall against cyberattacks. Without these robust multi-layered solutions to defence, firms are leaving their digital doors wide open.”

Lee Driver, VP of managed security services at Ekco, agrees that encryption of data in transit and at rest is also crucial for protecting confidentiality. “Especially with remote and hybrid work, and shadow AI use,” he says.

Segmentation is another key factor, he adds. “Breaking the network into secure zones helps limit the damage in the event of a breach. Legal firms should also have continuous monitoring in place to detect

Contributors

Brian Sibley

espria.com

Neil Langridge

e92plus.com

Phil Skelton

esentire.com

Simon Langdown

essenkay.co.uk


www.newsinthechannel.co.uk
