Law firms are in a race against time

With the introduction of the EU’s General Data Protection Regulation (GDPR) in May 2018, law firms are in a race against time to navigate through the myriad of cybersecurity challenges including an increasingly complex, costly and stringent regulatory environment.

IT directors, chief information officers and cybersecurity lawyers in Legal Week’s Intelligence Report – in association with Mimecast – highlighted their concerns on the impact the new rules will have on law firms and their technology infrastructure.

Here are the 5 top cyber concerns impacting law firms:

1. The biggest GDPR headache is email

Anyone who collects or processes personal data in the EU has to be able to report on the locations and uses of that data, and then destroy it upon request.

The biggest pain point for meeting this requirement is email. It relies on having a fully searchable and reliable archive to trawl through electronically stored information. Furthermore, larger firms need to recognize that any growth through merger and acquisition can multiply different email systems so reporting on every relevant strand of data can become complicated.

2. Cross-border data complications

Non-EU law firms and companies that have customers or data processing activities in the EU will also be subject to the new regulation. International law firms, who frequently send confidential or sensitive information across multiple jurisdictions or offices, now need to think more carefully about how they comply with the new rules.

One option, according to Oliver Yaros, a partner of Mayer Brown’s intellectual property and IT group in London, would be to adopt European data standards across the whole firm or have a EU-specific offering that would insulate, say, a US headquartered business from the regulations.

3. Change in client demands

It’s not just GDPR that is reshaping how law firms handle data. According to the report, Dentons Law Firm has put in place procedures that control what data can be shared globally and what data must be restricted.

Corporate clients are also more aware of the continued rise of external cyberattacks – particularly ransomware that hackers use to encrypt a firm’s data and hold it hostage until a ransom is paid to release it. 

4. Employee risks

Despite external cyberattack concerns, many IT experts recognise that a firm’s own employees pose the greatest cybersecurity risk.

Most cyber security attacks are not particularly sophisticated but are often successful as a firm’s own employees will unintentionally infect their IT systems by clicking on something harmful. This means law firms need to think about how to create a collaborative cyber defence using both technology a human firewall.

5. Collaborative technological and human defences

But while people are the first line of defence, the report asserts that technology is critical as a backstop for when things go wrong. Dentons’ Henri notes that among the tech tools the firm uses to minimize cybersecurity risks is the very software used by security agencies to continuously probe IT systems for weaknesses in real time.

To download a copy of the Legal Week report, ‘Cybersecurity – The Race to Protect’, click here.