How Law Firms Can Help Protect Clients Against Cyberattacks

As the legal industry grows increasingly digitised, what can firms do to ensure they do not become the victim of a costly attack?

The use of technology to handle data has significantly increased efficiency in the legal sector over the past decade or so. When it comes to due diligence and security, software does not tire as humans do and it can increase accuracy and efficiency when completing tasks.

In the post-pandemic world, many companies generally will be switching to a hybrid model of working. This means that they will become more reliant on secure programmes to protect data while ensuring employees can share and access it easily.

The needs of companies have changed drastically in the past year, and it is imperative they should find the right programmes for themselves going forwards. Legal professionals can play a pivotal role in advising on minimum security needs and pointing clients towards the right programmes to support their needs.

A key issue is that with more data being stored in a digital world, more opportunities for cyberattacks are created.  Cyberattacks can involve hacked devices, network breaches or stolen data, all of which can seriously damage commercial interests and be financially devastating.

The consequences of cyberattacks go far wider than internal disruption. They include reputational damage, fines from regulators, loss of revenue, loss of customers, the need to pay out compensation to customers and the cost of resources needed to combat cyberattacks. Real estate is a sector that is particularly attractive to hackers because of the frequent, high-value transactions between multiple parties taking place digitally.

Despite this, there is a common perception from real estate professionals across Europe that the industry is unprepared to deal with cyberattacks, with many expecting the number of attacks on businesses to increase in the coming years.

There is a common perception from real estate professionals across Europe that the industry is unprepared to deal with cyberattacks.

Controlling external parties’ access to information is of particular concern because it is difficult to monitor and limit. Protecting information flows between devices, protecting against ransomware and controlling employees’ access to information are other vulnerable areas for companies operating in real estate asset management. As the industry looks to get this issue under control and implement changes to enhance protections, legal professionals will be key to supporting companies and ensuring the correct processes are applied.

Key steps to keep in mind when advising clients on developing a strategy to address potential cyberattacks include:

Countering the threat

Early warning systems – Identifying a cyberattack is often much harder than it might seem. Adequate monitoring is essential to highlight breaches as soon as possible. This monitoring system must pinpoint when attacks have taken place, what kind of attacks they are and the impacts they could have.

Containing the attack – Responsibility for this must rest with either the IT department or be tasked to an external cybersecurity specialist.

Effective recovery strategy

Transparency – Stakeholders are unforgiving of product and service providers who breach trust by failing to make them aware of important developments at the earliest opportunity.

Reporting incidents – Issues should be reported in a timely manner to relevant authorities and customers. This is even more imperative under the GDPR reporting rules.

Response plan – This must include a PR and marketing strategy to mitigate negative publicity as well as informing key stakeholders on the type of attack involved.

Key points of consideration for companies

Governance – A core group should be made responsible for monitoring, developing and implementing cybersecurity programs and policies.

Strategy management – Response plans must be updated regularly to ensure they are fit for purpose.

Training – Team members beyond just the IT department must be kept informed of the risks faced by the company and its cybersecurity policies.

While prevention is key, it is just as important to have an effective recovery strategy in place. If the right procedures are in place, cyberattacks can be contained and recovery can begin immediately.

Surviving in a digital world

The potential for cyberattacks is growing as digitisation becomes an ever-increasing part of commercial life. Preventing such attacks by having the right protection in place will always be less costly than recovering from a breach.

This requires companies to secure and manage data in the right way. While real estate companies need to fully consider all their options, cloud-based data storage in the form of virtual data rooms (VDRs) offer a robust solution for many of them.

Drooms’ VDR products provide the security protocols to meet all the best practice principles outlined above. They tick all the boxes in terms of being fully GDPR-compliant and having encryption, multi-factor authentication and back-up solutions in place.

These are all the factors that real estate companies must ensure they have covered in today’s world. Protecting against cyberattacks is not a luxury; it is essential for their survival.


Rosanna Woods, Managing Director UK

Drooms GmbH

Address: 11-12 Tokenhouse Yard, London, EC2R 7AS

Tel: (+44) 207 118 1100



Leave A Reply