IT Governance urges law firms to adopt information security practices to avoid surge in ransomware attacks


IT Governance, the global provider of cyber security, IT governance, risk management and compliance expertise, is urging organisations within the legal sector to adopt information security best practice to avoid falling victim to a ransomware attack.
The response comes after a dozen law firms have been held ransom in recent weeks by cyber criminals demanding tens of thousands of euros to not delete company computer systems and files – including private client information – as reported by RTÉ news.
Alan Calder, the founder and executive chairman of IT Governance, says: “Law firms have notoriously been targets for cyber criminals because of the sensitive information they possess such as financial data, mergers and acquisition intelligence, and other sensitive information. Like any other business, law firms often do not discover a data breach or ransomware attack until long after they’ve started. The scale and devastation of ransomware and cyber breaches means that law firms urgently need to adopt stronger cyber security safeguards.”
Furthermore, RTÉ News reports that most attacks on law firms go unreported because of their fear of losing their clients’ confidence and to avoid reputational damage.
“Many organisations within the legal sector have already achieved certification to the international information security standard, ISO 27001, as a means of proving their commitment to securing their clients’ data,” Calder continues. “Accredited certification to ISO 27001 proves to customers, stakeholders, insurers and staff that the organisation follows cyber security best practices.”
An ISO 27001 information security management system (ISMS) provides organisations with a risk-based approach to data security that can be applied across the firm and throughout the supply chain. The Standard encompasses people, processes and technology, and provides "a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's information security to achieve business objectives" (ISO/IEC 27000:2014).
To understand how your firm can achieve an internationally recognised level of cyber security with ISO 27001, download the free “ISO 27001 for Law Firms” green paper now >>
For more information on how IT Governance can help your organisation achieve compliance with the ISO 27001 standard, please visit our website, email or call +44 (0)845 070 1750. 
This website uses cookies. View our cookie policy