Information Security for the Legal profession

Information is a valuable business asset that needs protecting. This is especially true for the Legal profession, which holds and controls client funds and sensitive details about its clients. The confidentiality, availability and integrity of these assets are vital for long-term success and compliance with the Law Society’s Lexcel quality mark for excellence in legal practice management and client care.

On an almost daily basis, there are stories about cyber attacks, social engineering attacks, cyber security etc. But what do they mean for a business, and what is the impact on the bottom line? A better way to think about them is in terms of theft, ransom demands, extortion and vandalism.

Why improve security?

Loss of or damage to any piece of information can result in loss of business reputation and cost a significant amount of money to resolve, for example through the leaking of client information, company strategy or financial details. Reasons to improve security include:

  • Protecting information about the business.
  • Protecting client information and avoiding scams such as the one that resulted in £750,000 being transferred to criminals
  • To have a risk assessment covering all information assets
  • To comply with Lexcel
  • To get information security certification: ISO27001:2013, Cyber Essentials or IASME
  • To prepare for the fully digitised UK justice system. This includes new business continuity arrangements. Despite a reduction in physical storage after the system is digitised, a viable business continuity plan will be required that allows normal business to take place. This will avoid the situation in April 2015 when the fire in Holborn closed the Royal Courts of Justice for 36 hours and the Legal Services Board for several days, as neither had a full business continuity plan.
Impact of a Security Incident

Improving Information Security

We work with companies to develop, implement and maintain a security strategy that meets their unique business needs. With a proven background in ISO27001:2013, we have the credentials to deliver.

If you want to know about the effectiveness of your existing information and cyber security measures we can perform an Information Security Healthcheck.

Large organisations have a Chief Information Security Officer (CISO) to deliver their Information Security strategy. Smaller organisations do not have the need for a full-time CISO, but still need the expertise to deliver a security strategy that ensures sustained business success and continuity. Using our Virtual Information Security Officer (VISO) service is a cost-effective way to have an information and cyber security professional deliver the strategy alongside your team.

To get more information on how we can help your business, please contact us.