The Society has published a new guide for solicitors to help them reduce the risk of cyberattacks.
The Guide to Cybersecurity sets out key risk areas, the potential impact and consequences of a cybersecurity breach and what solicitors can do to help significantly reduce the likelihood of a successful attack on a their business.
Cybersecurity risks for law firms include:
- IT systems – IT system security can be compromised in many ways, for example if updates are not regularly installed, systems can quickly become vulnerable to attack.
- Physical security – cybercriminals can use information leaked either over the phone or in hard copy to access IT systems.
- Staff – without proper training, staff unaware of risks are a big threat as they can disclose data or make unauthorised transactions in response to a seemingly plausible request.
The guide also highlights the need for a well-thought-out response and disaster recovery plan in the event of a successful cyberattack.
Helena Brown, vice convener of the Society’s Technology Law & Practice Committee, and data protection and intellectual property partner at Addleshaw Goddard, said: “Cybercrime poses one of the most important challenges to business, with increasing numbers affected by frauds and scams.
“Many of the threats to legal firms are no different to other businesses, but in the legal world, where keeping client information confidential and client funds secure is paramount, the consequences of not having a robust cybersecurity plan in place can be extremely severe, not only in terms of potential data or financial losses but also to the reputation of the firm.
“While there is no shortage of information on cybercrime and cybersecurity in general, we wanted to have a look at the issues from the perspective of solicitors and legal practices. The Society’s guide has been designed to help solicitors and their staff team understand and defend against cyber threats. It provides simple tips that could help safeguard information and protect against reputational damage.”
A copy of the new guide, which has been sponsored by IT consultancy Quorum and cybersecurity company Sapphire, will be sent to all law firms and can also be read online on the Society’s website.
James Frost, managing director of Quorum, observed: “With the increasingly hostile threat landscape, cybersecurity is now one of the top priorities for all law firms to ensure their data, finances, and ultimately their reputation are protected. Quorum believes it is important that firms are armed with as many tools as possible to defend themselves and that’s why we chose to support the Law Society’s new guidance.”
Sapphire CEO Annabel Berry added: “We wholly support the new cybersecurity guidance. Having specialised in cybersecurity for 21 years, we fully endorse the pragmatic advice which the guide offers and the practical steps recommended for every law firm to take to ensure their data, assets and users are as secure as possible.”
In this issue
- Family law: still scope for reform
- People's court
- The importance of lawyers in a democratic society
- Thy will be done
- Children's rights and physical punishment
- Pension sharing and professional negligence
- Reading for pleasure
- Opinion: Bruce Adamson
- Book reviews
- Profile
- President's column
- People on the move
- 400 years – still innovating
- Litigation: a bill to settle
- Access to justice: the small print
- Benefits of devolution
- The changing role of the courts in our democracy
- Core values
- The will bank opportunity
- Deep and meaningful
- The fall and rise of interrogatories
- To act or not to act?
- Immigration issues: more red tape
- Taxman scores winner in Rangers contest
- EIA: the regimes change
- Scottish Solicitors' Discipline Tribunal
- Practitioners or salesmen?
- Where the buck stops
- Law reform roundup
- Cyber basics for lawyers
- Practice points from missives review
- Money laundering update: new regulations in force
- Courts raise the stakes
- May: the force be not with you
- Conference success
- SYLA: 2016-17 in focus
- Ask Ash
