Creating a Security-First Culture: Cyber Security for SME Law Firms

LegalTech in Leeds







On Thursday 28th September, LegalTech in Leeds hosted a cyber-security seminar for SME law firms in partnership with Jungle IT

After the opportunity to network over breakfast and coffee, Julian Wells, Director at Whitecap Consulting / LegalTech in Leeds kicked off the event by welcoming all speakers and thanking Bruntwood SciTech and Jungle IT for hosting the event as well as thanking everyone in the room for coming to the session. 

Following this, Julian then gave an introduction to LegalTech in Leeds including a brief overview of the initiative, its background and key aims, as well as thanking all the sponsors and partners for their continued support and commitment to the initiative (Addleshaw Goddard, Bruntwood SciTech,  Barclays Eagle Labs, Barrister Link, Calls9, Cyber Security Partners (CSP), DAC Beachcroft, FinTech North, Founders Law, Jungle IT, Katchr,  Leeds City Council, Leeds City Region Enterprise Partnership, Leeds Law Society, LawtechUK, Leeds Trinity University, rradar, Page White Farrer, PEXA, SYKE, The University of Law, Toca, University of Leeds, Walker Morris, Whitecap Consulting, Yorkshire Legal). 

We then had a progress update from Chloe Thompson, Consultant at Whitecap Consulting / LegalTech in Leeds, who presented the following stats: 

·      LegalTech in Leeds has delivered 27 events since its inception in January 2022. 

·      In total, the events have attracted over 2,100 sign-ups and have featured 210 speakers.

·      LegalTech in Leeds has 870 LinkedIn followers, 250 Eventbrite subscribers and over 1,000 people on the mailing list. 

Chloe then gave a rundown of the event activity that has taken place over September including two learning lunches, a data focused seminar in partnership with Katchr and the first ‘SME Law Firm Forum’, which is part of a wider objective to better meet the needs of the SME law community. 

To finish, Chloe highlighted a number of upcoming events for October: 

·      How to progress in your law firm without digital burnout, partnership with Leeds Trinity University – Wednesday 11th October, 12:30 – 15:00 @ Walker Morris. 

·      AI in Legal Services, in partnership with rradar – Wednesday 25th October, 08:30 – 11:00 @ Platform. 

Julian then introduced our expert speakers for the session, who each gave a flavour of the topics they were going to cover during their presentations. 

First up, we had Laura Kaung, Governance, Compliance and Cyber Security Manager at Jungle IT, who specialises in the ‘first line of defence’ when trying to create a robust cyber culture. 

Laura started by talking about the importance of using complex passwords for accounts, particularly social media accounts, which are often exploited by cyber criminals for information that can be used in cyber-attacks. Laura got the room to engage in an activity which involved guessing how many times common passwords such as ‘Password123’ had been breached just this year, revealing some shocking stats. 

Laura then played a video which demonstrated an example of ‘Vishing’ (voice phishing), whereby attackers use information gathered over the phone to conduct phishing attacks. The video showed how attackers tap into the social consciousness of humans by making themselves more relatable and as a result, more likely to gain the trust of someone over the phone who is then susceptible to giving out sensitive information than can be used in an attack. 

Laura finished by outlining some examples of social engineering and how it makes people and businesses vulnerable to attacks. Such as, catching the same train every day and being overheard during conversations.

Next up, we had Matthew Simmons, Cloud Solutions Architect at Jungle IT, who delivered a talk on data governance and the importance of this being an ongoing company-wide consideration, rather than a ‘one-off’, siloed project. 

Matthew also made the distinction between ‘data governance’ and ‘data management’:

Stating that data governance is more about the sharing of data securely and stakeholder collaboration rather than data storage or metadata management. 

Matthew then moved on to the topic of AI and how it has impacted the way we work. He played a short video demonstrating ‘Copilot’, an AI tool which can analyse large amounts of data in Excel and produce key trends that can be visualised through graphs / charts.

Matthew concluded his talk by encouraging everyone to embrace the developments in AI but to also be aware of some of the risks that come with it such as data security and privacy concerns, stating that you can take action to mitigate these risks such as putting employees through training to increase awareness and by implementing multi-factor authentication. 

Last up, we had Mark Wainwright, Security Awareness Advocate at Jungle IT, who began by delivering some hard-hitting stats to the room: 

·      81% of respondents in the UK experienced a cyber incident in the last year, costing on average £650k per cyber breach. 

·      26% of cyber incidents occur due to human error, with 91% of attacks using email for an entry point. 

·      The legal sector is particularly vulnerable with 75% of the UK’s top 100 law firms having been affected by a cyber-attack. 

Mark stated that cyber-attacks continue to rise against law firms due to a number of reasons including the move to the cloud, a lack of patch testing, legacy systems and the fact that attacks are becoming more sophisticated and complex. Another significant contributor is the move to remote working and the use of public internet connections in collaborative workspaces and cafes. 

Mark finished his talk with some recommendations on how to protect yourself and your business against cyberattacks including conducting regular attack surface discoveries, action lost credentials and reduce password sharing, upgrade and patch old software and limit where your data can go. 

Overall, it was a fantastic event, thank you to everyone who took part as speakers or attendees, and particular thanks to Jungle IT for partnering with us on this event, and to the team at Bruntwood SciTech who made everyone feel so welcome on the day.