Helping BLS members protect their clients, brand and reputation from the damage caused by cybercrime
Helping the legal sector build resilience to cyber threats
It was great to meet BLS members at our first cyber security and resilience event of the year. The workshop, titled ‘How to comply with the SRA cyber security recommendations’ looked at the evolving cyber threat landscape, and the advice from both the SRA and Warner McCall Resilience, on how those in the legal profession can build resilience to cyber threats.
The SRA’s Risk Outlook for 2019/2020 includes the stark warning that “Everyone is at risk… We have seen attacks and successful breaches from every area of the market.” Yet, attendees at the event commented that the majority of organisations in the legal sector were not taking the threat seriously.
It was also felt that that many regional law firms may continue to turn a blind eye to the problem, at least until a regional law firm cyber security incident hits the headlines. This is despite the National Cyber Security Centre recently advising “1 in 3 UK businesses will experience a cyber breach, so it’s important to be prepared…”
In reviewing the SRA cyber security recommendations we noted that they are aligned with the Cyber Essentials (CE) and Cyber Essentials Plus (CE+) certification requirements. CE and CE+ are often seen as a first step in building resilience to common cyber threats, yet regional take up remains low, with only nine Bristol Law Society members having gained this certification according to the Cyber Essentials website.
Another simple step we debated at the workshop is the need for regular cyber security training as, unsurprisingly, a significant proportion of data breaches are caused by human error. Building awareness through training is a simple step you can take to strengthen your ‘human firewall’.
Finally, we also discussed the importance of incident management planning, looking at examples including Travelex and Norsk Hydro. What was clear, is that having a thorough, well-practiced incident response plan is essential in helping reduce financial and reputational damage, as well as potentially reducing fines from the ICO.
For further information on how you can build resilience to cyber threats, please contact Isabel Thompson, Commercial Director at Warner McCall Resilience. Isabel has recently joined WMR from KPMG and can be contacted at firstname.lastname@example.org or on 07824 498 591.
You can also find WMR on Twitter at WMR-Cyber, LinkedIn at warner-mccall-resilience and on our website at wmr.co.uk