Are Your Lawyers and Accountants (Still) the Weakest Links in Cybersecurity?
Data privacy is a hot topic right now—not just for tech giants like Facebook, but for any service-based firm that manages sensitive client data. Every day, there are stories of breaches, hacks and entire companies being crippled by ransomware viruses or phishing scams.
For firms in the legal and accounting industries, this means cybersecurity is a top priority in the IT budget. Your clients want to know how their data is being protected while demanding faster and more convenient services. Right now, moving to the cloud is the next step to stay relevant and competitive, but this also presents new risks for all that data.
Lulled into a False Sense of (Cyber) Security
As an IT services provider, I am evaluating new technologies in cybersecurity on a weekly basis. The cybersecurity industry evolves at a frenetic pace because new threats are cropping up at the same rate. And every cybersecurity technology provider makes the same set of promises of safety. This creates a false sense of security within many firms that believe they’ll be protected from anything.
Here is the first step in staying on top of cybersecurity: accept that nothing is foolproof. The fact is, today’s law and accounting firms are more vulnerable than ever no matter what cybersecurity is put into place.
Data Shows Humans are the Weakest Link
According to BakerHostetler's 2017 Data Security Incident Response Report, which incorporated data from the 450 breaches the company worked on in 2016:
· At 43%, phishing, hacking and malware accounted for most incidents for the second year in a row, a 12 percentage-point jump from the firm’s incident response report in 2015
· 32% of incidents were initiated by human error
· 25% of attacks involved phishing
· 23% were initiated via ransomware
· 18% of compromises occurred due to lost or stolen devices, and three percent reported internal theft
Now, the companies surveyed ranged from $100 million to $1 billion in revenues across health care, retail, hospitality, financial services, insurance and other sectors. I’m pretty sure these organizations have healthy cybersecurity budgets with the latest in shiny new protection technology. It all leads to a stark conclusion.
It Really Doesn’t Matter How Much You Spend
I tell companies all the time, when it comes to spending on cybersecurity, hope for the best and plan for the worst. This means having a continuity plan in place that involves educating your people. It really doesn’t matter how much is spent on cybersecurity; today, hackers understand the human element better than most.
All it takes is for one person inside the firm to make an innocent mistake. Whether it is opening a PDF or accidentally losing a device, humans are not infallible. Hackers know this. We do too, and that is our focus with our clients.
A Collaborative Response
If you are a legal or accounting firm that hasn’t started an internal conversation on cybersecurity, don’t wait any longer. It only takes one incident to cripple a practice. Even losing half a day’s productivity can wreak havoc on your client confidence and market share.
And if you’re already talking about cybersecurity, kudos. Take the stance that regardless of budget and technology, when it comes to cybersecurity, the people in your firm are still, and most likely always will be, the weakest link.
These are the reasons cybersecurity and IT support are a collaborative effort between the IT services provider and the client firm. The larger the firm, the more every lawyer and accountant needs to be educated on cybersecurity. Furthermore, the relationship between the firm and the IT support company must be built on trust and communication. It’s all about a relationship and an ongoing conversation about cybersecurity.