Why cybersecurity matters

In line with global trends, cybercrime is a rapidly increasing problem for the both the profession and client. Client account funds and confidential information relating to firms and clients are attractive targets for cybercriminals. Unfortunately, Irish firms, their clients and vendors have been victims of increasingly sophisticated attacks. 

An attack can impact on your firm, your client relationship, your reputation, and your firm finances. However, armed with appropriate knowledge and support and training, you can significantly reduce the risk of a successful attack. In this section, we detail how several common cyverattacks work, and provide links to useful resources.

Common types of attack

Cybersecurity protects your IT systems from vulnerability and attack, protecting your clients, your staff, and your financial and other assets. 

In a law firm environment, the ultimate gain is either sensitive information, or gaining access to your bank accounts.

Threats involve, but are not limited to:

• Malware, which includes viruses, worms, Trojan horses, spyware and ransomware. These attacks result in the theft, deletion, alteration or hijacking of your information and/or network.

• Phishing describes the action of using emails, text messages, phone calls, or websites in a malicious manner. In a law firm environment, individuals could use phishing to obtain confidential information on your clients, passwords to your bank accounts, or tricking people into downloading malware.

• Impersonation and social engineering, to trick you or your staff to open a phishing email, installing malware, or transferring a monetary amount to a fake bank account.

Most cybersecurity attacks require human interaction, meaning that you and your staff are your main defence. Training, behavioural change and policies complement efforts to protect IT software and hardware. A crucial piece is to review how safely you and your team carry out financial transactions. 

It is recommended that you carry out a cybersecurity risk analysis and establish a governance model, which includes reviewing your insurance.

This cybersecurity hub is designed to support solicitors with relevant and useful information.

Build your knowledge

See useful articles, introductory resources and training below.

• Summary of the 6-part series: December 2023 Gazette - 'The phantom menace'

• Safe banking procedures: November 2023 Gazette - ‘Equality of arms’

• Cybersecurity v data protection breaches: October 2023 Gazette - ‘Head in the sand’

• Cybersecurity assessments: Aug/Sept 2023 Gazette - ‘Potential threats’

• Technical cybersecurity measures: July 2023 Gazette - ‘Stress test’

• Cybersecurity insurance: Aug/Sept 2023 Gazette - ‘Safe haven’

• Introduction to the 6-part series: June 2023 Gazette - ‘Attack mode’

• Risk management for law firms: March 2021 Gazette – 'Tangled webs – managing risk in an upside-down world'

• Court proceedings for cybersecurity attacks: April 2020 Gazette – 'Return of the Cybermen'

• Legislative changes: April 2019 Gazette – 'Away in a hack'

More resources can be found in the Law Society Library's Cybersecurity Subject Guide.