Jonathan Ashley, co-founder of etiCloud. (Sponsored content.)
I never cease to be amazed by the number of companies that simply haven’t considered cyber security. Perhaps worse still are the individuals in senior management and IT roles who ask me: “But why would we need that?” and “It’s not my responsibility though, is it?” Well, actually, cyber security is everyone’s responsibility, and here’s why.
To err is human
When it comes to implementing cyber security measures, your IT provider should be supporting your firm and showing you what they’ve put in place to protect against a potential attack. That, however, is only half the story.
Any firm can say “we’ve put this in place and that in place” and the security solution they’ve created may well be unparalleled when it comes to the latest technology. However, it’s the person using the technology who is usually the chink in any cyber security armour. People make mistakes. That’s the bit that’s not so easy to control. Or is it?
What’s the extent of your employees’ cyber security knowledge?
Hackers, more often than not, find a way into accounts and data thanks to a lack of education and staff training. We all know how to use the system but do we know what controls we should be using to protect corporate and client data? How well versed are your employees when it comes to cyber security and protocols? For example: what’s multi-factor authentication? Do you have web filtering? When did you last update your anti-malware?
The impact of this knowledge gap is exacerbated by the fact that the legal industry is missing a ‘Gold Seal Standard’ in relation to cyber security. There are no set guidelines for law firms, no best practice. And we know how tricky this can be from our own experience working towards our ISO 27001 accreditation when we first established etiCloud.
Tech knowledge = best practice
We enjoyed an excellent working relationship with the auditor assigned to us. He was extremely impressed with our tech AND the knowledge of our staff with regard to cyber security and its importance to our clients’ businesses and our own. I remember him saying that if every company he audited incorporated all this tech and knowledge base, his job would be easy. Of course, you’d expect a business like ours to excel in this area. But how can you do the same and embrace best practice? Here are our top tips, and they’re not as onerous as you might expect:
1) Don’t wait and don’t bury your head in the proverbial sand. Don’t wait for someone else to tackle the issue of cyber security. If you have concerns, say so, take the bull by the horns and do something. Equally, don’t wait for a cyber security attack to happen. By then it’s too late. As with any task that seems difficult, our reaction is to put off tackling it in favour of something easier. Cyber security need not be complex and there are lots of people and businesses out there that can help – don’t be afraid to ask for support!
2) Security can be expensive. Or it can be quite reasonable. Don’t be fooled into thinking (or being told) you need to spend £1000s on a bespoke solution. Reach out to peers, tech companies and the wider industry to find out what is appropriate for your company; don’t be rushed into making a decision.
3) Make sure your board and management team are aware of and understand any cyber security policy and measures you implement. Ensure you deliver regular training sessions for staff to make certain every person in your firm is up to speed and has the knowledge they need to make the policy and measures actually work in practice, not just theory.
If you follow each of these three steps and do something to either improve or initiate enhanced cyber security, your law firm will be much less of a target for cyber criminals. Responsibility is key and that can start with you, today.