By: 3 July 2024
How the legal sector is tightening cybersecurity

Mathew McGee is a partner in DAC Beachcroft’s office of the general counsel and a member of the joint Law Society-Bar Council Cybersecurity Working Group.

 

Cybersecurity is a key concern for the legal sector, as cyberattacks can compromise client data, business assets, business continuity and professional reputation.

As many may recall following a number of cyberattacks impacting barristers and their chambers in 2021, the Law Society and the Bar Council formed a Cybersecurity Working Group that same year, with a small number of representatives from solicitors, barristers and information security experts, to address this challenge.

One of the outcomes of the group was to create and release a standardised Information Security Questionnaire, which solicitors could send to barristers and their Chambers to assess their security measures for common IT systems. The questionnaire, which was first published in 2022, had 24 questions covering essential security areas. Its aim was twofold; firstly to help Chambers implement appropriate base controls, and secondly to raise awareness of the importance of having the appropriate security measures in place.

The legal market widely adopted the questionnaire, which seemingly helped reduce the number of cyberattacks affecting barristers and their Chambers. However, cyber risks remain ever-present, and we continue to see such incidents as the threat evolves and the misuse of technology changes.

In May, the group published a second version of the questionnaire, which included some new security topics. For the first time, the group also published a voluntary Cyber and Information Security Affirmation, which solicitors can attach (or automatically append from a case management system) to their instructions to barristers. This affirmation serves as an aide-mémoire to ensure the protection of shared information.

The questionnaire and affirmation are useful tools to ensure a baseline understanding and application of security controls to protect the information being shared. Although the questionnaire and affirmation can’t mitigate all risks, they should help legal professionals maintain the trust of their clients, not only through the protection of their information but also through high-quality legal services delivery.

 

Image: Provided by DAC Beachcroft.
Guest Post
This post has been contributed by a guest writer.