The recent ‘WannaCry’ ransomware attack that took down the NHS has been a global wake-up call to businesses about the real threat and impact of cyber hacks. But at the same time we recently witnessed the tragic events of Grenfell Tower in London. So, what should the legal sector be homing in on? Firebrand Training (trainers of UK Police forces in cyber investigation techniques and the first UK provider of a cyber security apprenticeship) explains to Lawyer Monthly and presents some recent statistics.
This year has already seen suspicions that elections around the world have been targeted by cyber hacks, but the latest large-scale attacks have brought home how big a risk this is to businesses and organisations like the NHS. In April this year Government DCMS statistics also revealed half of UK firms were hacked in the past year, highlighting the ever-increasing threat to businesses.
The long-lasting effects of these breaches cost businesses time and money, with the global cost predicted to reach £4.9 trillion annually by 2021. Yet there is also a huge reputational risk. Within the legal sector, customers are trusting firms with their personal data, and if a firm is hacked and sensitive data lost, it can be difficult to regain that trust from clients.
Despite these warning signs, law firms are still not taking cyber security seriously and preventative measures, such as cyber security drills, are low on legal firms’ priority list. However, in order to create a strategy to protect your business, it is vital to understand where your firm might be falling short when it comes to cyber security.
Where are law firms going wrong?
Recent research from Firebrand Training revealed a lack of awareness around cyber security within the legal sector. Amongst the list of safety and security procedures businesses carry out, cyber security has been a low priority. In fact, UK businesses carry out routine fire drills twice as often as all-staff cyber drills, despite the threat of cyber-attack being 125 times greater than fire.
Even more concerning is that one in 10 businesses don’t know if they train any members of staff in cyber security at all, meaning almost half a million businesses (495,000) could be left vulnerable. One of the biggest pitfalls for businesses is the ‘it won’t happen to us’ attitude around cyber security. The research shows that within the legal sector almost a third of businesses (29%) think cybercrime is not a threat to them. However, businesses that hold sensitive data of any sort are at risk.
All organisations should have a certain level of awareness around whether their professional staff are cyber savvy, as for many businesses the net of people with access to sensitive data is wide. Despite this, Firebrand found legal firms only placed cyber training fourth on a list of training requirements they intend to invest in during the next 12 months.
By not investing in cyber security training, law firms are leaving their businesses at an even higher risk. This investment is crucial as the majority of legal businesses (57%) said they had just one named individual who had responsibility for cyber security.
So how can firms catch up?
Training your staff
An essential way to ensure your company is protected is to utilise the capabilities of your employees. If your employees have access to data and files for both your customers and the company itself, then your business is at risk if you haven’t provided the proper training on the basics. Providing regular training in cyber security is essential to keep staff aware of the company’s policies and engaged as your first line of defence against cyber criminals.
This is relevant for users across the company whether staff, management or especially those who specialise in IT infrastructure. There are essential training courses available such as CompTIA Security+, CISMP and CISSP which provide the necessary skills for different levels and are continuously updated to reflect new threats, risk analysis techniques and awareness programs.
New methods of accelerated training pioneered by Firebrand are now available for businesses to minimise employees’ time away from desks whilst learning new skills, so employees are trained in the fastest and most efficient method.
Another strong option for ensuring your employees are trained and confident in essential cyber security skills is apprenticeships. Apprenticeships are understood to bring benefits for both businesses and employees by combining working, learning and earning. In addition, with the introduction of the new Apprenticeship Levy in April this year, apprenticeships are set to become more affordable. Government is set to contribute 90 percent of the cost of an apprentice for your business, including training and recruitment costs. The new Levy means UK-based employers with a salary bill of over £3 million must invest 0.5 percent of this figure in hiring apprentices or developing existing staff. This cash will be transferred to an Apprenticeships Service account, but if it's not used it will be permanently lost. This is a huge opportunity that shouldn’t be wasted by employers.
Businesses need to utilise the Levy wisely to upskill current employees as well as to help recruit new members of staff. By using the Levy, UK firms can leverage apprenticeships to overhaul how they recruit and train their existing team to become IT security professionals so they are not relying on one member of staff to ensure the business’ policies and systems are up to date in the future.
How does it work?
Firebrand is the first UK training provider to deliver the new Cyber Security Apprenticeship Standards. Apprenticeships offer both entry-level and established IT professionals the opportunity to build their IT knowledge and enhance their skills through accelerated training in a real-world job.
Unlike other programmes, Firebrand apprentices aren't on day release - they're full-time employees. The programme includes up to 18 days of intense, residential training throughout the year. Between these training weeks, the employer can focus on giving the apprentice the best work experience possible.
This means legal firms can ensure their level of preparedness in case a cyber-attacker strikes, with the right staff sharing the right skills whatever your legal specialism or workforce size.
To find out more about accelerated apprenticeship schemes, go to http://www.firebrandtraining.co.uk/apprenticeships/employer or follow Firebrand on @BeAFirebrand