Six ways to protect your firm from a data breach

If I were to ask you what your highest value business asset is, other than your staff and colleagues, what would you say? Your offices? Your library? Your computers and furniture? While those may be important and expensive assets, there is one that is far more vital: your data.

Every decision you make is reliant on the data you hold. If you’re in any doubt about its value, consider turning up to work tomorrow with no data to use. You would have no emails in your inbox, no information on your PMS, no financial records, no telephone numbers in your call directory, and so on. How would you run your firm and serve your clients?

Protecting your data is crucial to your firm’s success. Should you suffer a loss of data, or a data breach, on top of the lost business and damaged reputation, you’ll also face hefty fines under the General Data Protection Regulation (GDPR). GDPR fines are now forty times greater than the maximum penalty of £500,000 under the Data Protection Act 1998. Companies can now face fines of up to £20 million or 4% of annual turnover, whichever is higher, if laws are breached. A sobering thought when the Cyber Security Breaches Survey showed 43% of businesses in 2018 experienced a breach or attack.

Why is cybersecurity important in the legal sector?

The Cyber Security Breaches Survey found 98% of businesses rely on digital tools for service and communication, and in 2020, 84% of UK adults owned a smartphone. It’s impossible to imagine how we’d function without technology, so protecting our devices and the information we store on them is crucial.

For law firms, the stakes are higher, as your reputation is on the line. Cybercriminals view law firms as a prime target because they know you hold high-value assets including highly confidential information. They are also aware that firms typically hold large amounts of money and could pay a ransom.

What is your cybersecurity maturity level?

The first step to becoming more cyber secure is to review your current solution and protection methods. To get a better understanding of how protected your firm is, you can measure your cybersecurity maturity level; we’ve outlined how to do this in an extended version of this article, which is available on our website.

6 ways to protect your firm from a cyber-attack

A data breach or loss of data would have huge implications for you and your customers. Thankfully, there are ways to prevent such a breach from happening in the first place – and better still, they are not difficult to implement in your firm.


Strong password policy

Most breaches are simpler than you may think. An individual guessing your password is one of the most common ways businesses are put at risk. Enforcing a strong password policy is the easiest way to protect your staff and your data. In 2019, the National Cyber Security Centre (NCSC) reported that 23.2 million breached accounts were using “123456” as the password. Ensure your staff use only strong passwords that include a mix of upper and lowercase letters, numbers, and special characters to increase security.

Two-factor Authentication

It is highly recommended that your firm implements two-factor authentication (2FA) for as many logins as possible. 2FA means that logging into an account requires two steps to prove your identity and grant you access.

Cyber Security Training

You might be surprised to learn that breaches can often occur due to honest mistakes made by members of staff, such as an employee sending sensitive information to the wrong recipient or clicking a link in an email from an unknown contact.

Being aware of cybersecurity is vitally important, especially as new methods to breach security will always be a looming issue. Implementing ongoing cybersecurity training is important to ensure staff are kept up to date on the latest best practices.

Upgrade your hardware

Keeping your devices, applications, and technology up to date is a necessary step in protecting the data on your computer. Cyber attackers always try to find workarounds and breach points in the latest software version, which is why software updates are important: they implement fixes that prevent this from happening. Avoid using old computers with outdated operating systems, as they’ll no longer receive updates and, as such, cannot be protected from a breach.

Mobile Device Management (MDM)

More of us have business data on our mobiles than we realise. Compared with a desktop, phones and tablets are much more likely to be misplaced or stolen. You can reduce the risk this poses by using a method called Mobile Device Management (MDM). MDM offers higher levels of security, such as disabling Bluetooth access, requiring 8-character PINs, and the option to wipe company data remotely. It isn’t expensive to implement and comes with an enterprise package from Microsoft Office 365.

Choosing a cyber-secure practice management solution

Data security is something to take very seriously. Regardless of where you work, whether it be at your office or at home, there shouldn’t be any difference in the way you access, protect, and use your data.

When using Osprey Approach, we require the use of strong passwords with 2FA, whether you’re using a secure network or 4G on the go. Osprey is securely hosted in our data centres, which means the data you store in Osprey is secure too. Data isn’t stored on your local device, so even if you haven’t implemented MDM, take comfort that it is safe and secure in our UK data centres, which are ISO27001 compliant.

A final word

Managing your data and ensuring your firm is cyber secure can feel overwhelming. However, there are plenty of solutions you can implement that will increase the security of your firm, including staff training, password policies, and software updates. An extended version of this article is available here, which will help you to protect your data with the best technology solutions on the market.

Craig Matthews is Chair of the LSSA and CEO of Osprey Approach, which provides cloud-based case management software to high-street, corporate, and multi-branch law firms. With over 30 years’ experience in the legal software sector, Osprey’s system, implementation, and support services are designed to help make running a law firm easier.