No business is immune to cyber attack. According to Misha Glenny, a journalist specialising in cyber-crime, “there are two types of people in the world: those that know they’ve been hacked, and those that don’t.”

We live in times characterised by increasing innovation and adoption of new technologies. Lawyers are moving away from traditional desktop arrangements and embracing flexible working on devices such as laptops, smartphones and tablets. Their clients are doing the same; they now expect to be able to access key information about any matter online.

At present, there are around 10 billion connected devices in the world, 1.5 for every human being. By 2020, the number is expected to soar to 50 billion devices. This can only mean more hackers and more victims; no network is ever completely secure.

A 2015 survey of 83 predominantly European companies from a range of sectors showed that political and security instability, including cybersecurity, was the top concern by far, with 62% of companies reporting it as an issue.

It can be a challenge for smaller companies to invest in security measures, as they lack the giant budgets of multinational firms, but there are some simple steps they can take.

Three ways smaller law firms can protect themselves:

Data storage

While you might think that storing data on the cloud would make it more vulnerable to attack, in fact the opposite is often true. On-site hardware is easier to hack than a high-quality third-party data storage platform, which will have a team of security specialists shielding it from the latest viruses and attack methods.

Staff training

It is important to remember that traditional hacking tricks such as telephone impersonation are still a threat. For example; fraudsters may call pretending to be from a service provider and request account information or passwords. Training staff to recognise these threats will help reduce risk.


 Law firms are required to store client information in accordance with the Data Protection Act 1998, which is soon to be superseded by more rigorous EU data regulations agreed in December 2015. In a small office, it can be tempting to be more lax about security, for example by leaving computers unlocked overnight.

If you have questions regarding cyber security, please contact:

Richard Brown

+44 20 7031 2487