GCHQ warns law firms of risk posed by remote working

Avatar photo

By Emily Hinkley on


‘Prime targets for cybercriminals and other attackers’, report finds

The UK government’s intelligence, security, and cyber agency, GCHQ, has warned law firms of the risk associated with remote working when it comes to cyber security and staving attacks.

Since Covid-19, there has been an unprecedented shift towards remote working. In a report issued by GCHQ’s cyber defence arm, the National Cyber Security Centre (NCSC), this change is cited as a challenge for firms attempting to maintain secure working practices and protect client confidentiality.

The report, issued to law firms on Thursday, identifies Russia, Iran and North Korea as nation states that may use “criminal actors for state ends, operating to raise funds and cause disruption using criminal malware techniques”.

It suggests that the large amounts of money and confidential data that move between firms and their clients are a target for cybercriminals, highlighting the Solicitor Regulation Authority’s 2020 cyber security review which revealed 30 out of 40 law firms surveyed had been the target of a cyber attack.

Lindy Cameron, CEO of the NCSC, acknowledged that “firms are vulnerable in new ways due to changing patterns of work — accelerated in the Covid-19 pandemic — and the increasing sophistication of cyber attacks”. Cameron added the NCSC “welcomes the increased support and investment in cyber security we’re seeing across the sector”.

The 2023 Legal Cheek Firms Most List

Law Society president Lubna Shuja commented:

“By taking proactive steps to address cyber threats, we can continue to protect the rule of law, ensure access to justice, and provide secure legal services that allow businesses, individuals, and the wider economy to thrive.”

Last year Legal Cheek reported a number of incidents involving cyber attacks on the legal sector. Tuckers Solicitors, a criminal law firm, was fined £98,000 after being the target of a 2020 ransomware attack which encrypted 972,191 individual files including court bundles, some of which were placed on the dark web.

In 2021, listed law firm Gateley revealed “some client data” was compromised in a cyber security attack on its IT system. Its share price dipped by 8% within an hour of the firm releasing a statement to the London Stock Exchange acknowledging the attack had accessed “0.2% of the company’s data”.

For all the latest commercial awareness info, news and careers advice:

Sign up to the Legal Cheek Newsletter

Related Stories

Bar Council and northern law firm Ward Hadaway hit by cyber attacks

Criminals continue to target profession

Apr 28 2022 10:49am

Gateley suffers client data loss in cyber security attack

Breach quickly identified by IT team who moved immediately to secure systems, firm says

Jun 17 2021 11:30am