Cyberattacks on networks, systems, data and hardware are extremely common these days, and they have skyrocketed in frequency in 2020. Malware, phishing, spyware, DDoS attacks and other forms of digital breaches and data theft are not only frequent but come at a huge cost for the companies affected. According to IBM’s 2020 Cost of a Data Breach Report, most breaches in 2020 involved organizations’ personally identifiable information, and breached data cost businesses on average $150 per compromised record.
A few more figures from the report shed light on the costs that breaches incur:
- In 2020, data breaches cost on average $3.86 million. In France, that figure is $4 million
- 70% of respondents said remote work would increase the cost of a data breach
- The average time to identify and contain a data breach was 280 days in 2020, while the average savings from containing a breach in less than 200 days are $1 million
- Data breaches caused by malicious attacks are the most common and expensive, with compromised credentials being the most expensive initial cause of malicious breaches
1. A rise in cyberattacks
In sum, data breaches are expensive, and they’re even more expensive the longer it takes you to spot them. Why should you care? This problem is becoming more relevant than ever: Cybercrime has increased around 400 percent amid the coronavirus, with ransomware attacks in particular increasing 800 percent during the pandemic.
In France alone last year, cybercrime increased by 255% compared to 2019. Several companies, including software firm Centreon, which lists Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF), Orange and the French Ministry of Justice among its clients, were breached last Monday, and several French hospitals were hit with ransomware attacks within a week. In light of increased hacking activity, the French government announced they are investing 500 million euros to help companies and public authorities boost their cyber defences.
Meanwhile, Microsoft’s president just called December’s hack of software firm SolarWinds targeting the U.S. government the “largest and most sophisticated attack the world has ever seen.”
2. Cybersecurity strategies for the legal profession
An effective cybersecurity strategy is paramount for businesses to protect their networks, systems and data from digital attacks. For law firms and legal departments, this means responsibly safeguarding huge amounts of both their own and their clients’ sensitive data. GDPR and other laws further impose this obligation by forcing all organizations that operate in the EU to communicate data breaches, require user consent to process information, and anonymize data for privacy. A security-by-design approach, compliant with the best cybersecurity practices, is the best way for law firms to protect their data. This involves:
- Cloud security: 93% of enterprises have moved to the cloud, for good reason – the cloud provides a much better security infrastructure than hardware. Closd’s data is exclusively hosted in the EU by OVHcloud, a top-tier worldwide cloud services provider, and all data is backed up on storage drives that benefit from a live triple replication to prevent data loss.
- Data encryption: On Closd, data is encrypted with a strong military-grade AES-256 cipher and networks are protected by the industry standard TLS protocol, with certified providers conducting security audits and penetration tests on our systems each year to ensure that security systems are up to date.
- Strong user authentication: Parties on Closd need a secure email/password combination, plus a one-time password sent by SMS and an automated ID verification in order to sign a document. These measures, coupled with optional 2-factor authentication and Single Sign-On, cross-check users’ profiles and detect traces of tampering within a document.
- Logging activity: Like on Closd, user actions should be recorded on an activity log accessible to system administrators that allows prompt investigation of any potential issue and identification of compromised accounts.
Law firms’ access to confidential client data is a valuable commodity, and cybercriminals have taken the increasing use of technology within the legal profession as an opportunity to obtain sensitive personal data. Legal departments should take care to adhere to best practices and implement technological controls within their systems.
It is important, however, that this be paired with a holistic awareness of cybersecurity risks in firms’ governance and culture. According to data collected by IBM, human error is the main cause of 95% of cyber security breaches, from accidentally downloading malware to succumbing to a phishing attack or simply not using a strong enough password. Employees are using an increasing number of tools and services that put them at risk of making a mistake. That is why educating employees about different types of threats and how to avoid them is paramount, along with instituting secure technology solutions. Together, these are the best way to mitigate the risk of data breaches that are costly economically, reputationally, and regulatorily for legal professionals.