In the movie The Matrix, there is one pivotal scene where Agent Smith has Neo by the neck as a subway train approaches. The dialogue that comes next is genius: “You hear that Mr. Anderson? That is the sound of inevitability.” In the movie, Neo is able to escape the rapidly approaching train, but many organizations will not be so lucky due to two inevitabilities: cyber-attacks and the associated data loss.
The world has experienced major cyber-attacks with over 8.8 billion records having been breached or rendered irrecoverable and 105 cyber-attack incidents recorded in the month of May alone! READ THE ARTICLE.
There were some huge breaches covered in the media but in reality, the size of the incident is often less important than the damage caused. For example an email gaffe in May exposed the identities of 250 abuse survivors in Northern Ireland which has suffered to undermine the confidence that these individuals had in the institutions who had a duty of care for them and even worse, in several cases could have even traumatised these victims further READ THE ARTICLE. Additionally a major law firm that was representing “A-List” celebrities was also breached and sensitive personal information amounting to 756Gb of data was exposed and posted in the dark web. The treasure trove of information included Non-disclosure agreements, contracts, contact details and all correspondence with the law firm in question READ THE ARTICLE. This later breach obviously goes against the grain relating to the law firms needing to provide their client with total confidentiality at all times. In the UK as well as Europe, a breach that leaked this sort of information would also have a secondary and equally problematic result as it would fall under the auspices of the General Data Protection Protocol (GDPR) and would require a full disclosure to the Information commissioner’s office (ICO) and where additional consequences are then a distinct possibility.
The question to all organisations is therefore fairly simple: “What can you do to deal with the inevitability of cyber-attacks and the associated data loss?”
Whether you’re dealing with cyber-attacks and the associated consequences of data loss, success or failure will come down to your organisations preparation. Forget investing in new security technology for a moment as often this is simply going to address a point issue in isolation. First, step back and look at what the most important asset your law firm has and you will likely arrive at the answer: your data.
If you don’t protect your data, all the security in the world really doesn’t matter much. Whether it’s WannaCry, NotPetya, or from a phishing email actioned by an unsuspecting member of staff or someone who accidentally used “TO” or “CC” instead of “BCC” when mailing a client list with important information. If you don’t have a handle on your data, you lose.
Responding to the inevitable cyber-attack and attempting to meet the latest compliance regulations both require virtually the same level of preparation and planning. Organizations need to first understand exactly where all their data lives — including data in cloud applications and on mobile devices — in order to visualize the full scope of their data attack surface. Once an organization understands their data attack surface, two things happen. First, they gain a much more comprehensive level of visibility into their responsibilities under various compliance regulations. Second, they gain an understanding of the proportionate security controls required to protect that data.
Proper preparation requires using a combination of technology and process in order to recover from cyber-attacks and/or be in compliance with regulations such as GDPR. While there are no magic bullets and no one vendor product will solve all problems, PAV has helped legal organizations just like yours to utilise technology that best prepares them to recover from the inevitability of a disruptive cyber-attacks with all of the associated consequences.
Stevensdrake is an award-winning law firm based in the South East with history dating back to 1782 and where it has maintained Lexcel accreditation since 2005. They are also recognised by the leading independent legal directory, The Legal 500. Stevensdrake appreciated that cyber-attack and the effect on their data was inevitable and prioritised the delivery of a fully delivered and managed PAV i.t. services cloud based data management platform as well as the adoption of O365 to boost employee productivity yet at the same time including the deployment of an email filtering and quarantine technology that was fully integrated to ensure against phishing attacks on end users.
“Having worked with PAV i.t Services as a trusted advisor for our IT requirements for many years, we had a high level of confidence in their experience and expertise to propose a managed cloud backup and DR solution which matched our business requirements, giving us a scalable and cost effective solution which provided us with the assurance our data is both fully protected and available.”
Neil Harding
IT Manager
Stevensdrake Solicitors
Key technologies chosen include: Commvault BaaS, Office 365, Mimecast.
Stevensdrake have experienced an increase in the size of their front end data over the past few years, and expect that trend to continue. They were reassured that the managed backup service allowed for a doubling of front end storage with zero incremental costs for data management being associated…
As a result, all of the partners at Stevensdrake will be very happy with the Information Technology project as well!
If you would like to know more or speak to our organisation about how we can support your fight against the inevitable, then please message info@pav.co.uk for more information.
