With reams of sensitive personal data and transactions that involve large sums of money, the legal sector is undeniably a massive target for cyber crime.
Cyber enabled crime continues to rise in both scale and complexity, with criminals taking advantage of the digital transformation of services that accelerated during COVID, as well as new flexible working models. Today, it is not so much if you have a cyber breach, but when and how serious.
What is Cyber Essentials and how can it help?
The National Cyber Security Centre (a part of GCHQ) introduced the Cyber Essentials scheme as part of its mission to make the UK the safest place to do business online, and to offer businesses a simple and affordable way to tackle cyber security. The Cyber Essentials controls help guard against the most common cyber security threats and certification demonstrates your commitment to cyber security.
Certification will:
Help you to take control of your cyber risk
Although many legal firms outsource their IT support to third party providers and think that will take care of the problem, it must be emphasized that cyber security is not the same as IT and is not an IT problem. No matter who is looking after your technology, cyber security remains the risk and the responsibility of the senior management within your company and should always be a high priority.
IASME has recently created the Cyber Essentials guide to using a third party IT provider to help you manage the responsibility of your cyber security. A comprehensive list of questions is available on the IASME website for you to download or print off and give to your third-party provider. Ask your provider to return the answers and relevant lists to you so that you can check that your organization meets the Cyber Essentials requirements.
Demonstrate your commitment to keeping client data safe
Reputation is a valuable asset and consumers are demanding evidence of a trusted, secure service provider for their sensitive data. Organizations need to show that they are taking cyber security seriously. By achieving Cyber Essentials certification, you can prove your commitment to cyber security and stand out from your competitors.
Provide a level of Cyber Liability insurance
If your firm is UK-domiciled with a turnover under £20m and you achieve Cyber Essentials certification covering your entire organization, you will be able to opt-into the included cyber liability insurance. This does not involve any additional cost or forms. The insurance cover includes a 24hr technical and legal incident response service. Professional indemnity polices that used to protect law firms if they suffered a cyber breach are now changing their terms to restrict cover due to the high number of claims. Getting certified is a straightforward way of demonstrating to your insurance company, your business associates and your customers that you take cyber security seriously and have your house in order.
Get started with the Cyber Essentials Readiness Tool
Many legal firms find they have got all of their resources tied up running the practice rather than focused on IT and cyber security. The barrier to understanding things associated with technology can also be a significant hurdle for firms in starting their essential journey into cyber security. Firms have asked for a tool that can help them review their current level of protection and to obtain targeted advice on next steps. IASME responded to this need by developing the Cyber Essentials Readiness Tool, a free online tool with basic level guidance on the five key technical controls and related topics written in ‘plain English’. This tool is free of charge and accessible in the form of a set of questions on the IASME website. The process of working through the questions will inform an organization about their own level of understanding and what aspects they need to focus on. They will be directed towards appropriate guidance and, based on their answers, be presented with a tailored action plan and detailed guidance for their next steps towards certification.
