SRA Issue Timely Reminder About Cyber Security
Last week the Solicitor’s Regulation Authority (SRA) issued their cyber crime thematic review, and reminded law firms that now more than ever was a time to remain cyber secure.
The review focuses on 40 separate incidents of cyber crime reported between 2016-2019, with over £4million pocketed by criminals.
With more firms now working remotely as a result of the Coronavirus pandemic, the SRA has warned firms to be vigilant, as the legal sector is a jewel in the crown for criminals.
Of the firms questioned many said they were aware of the dangers of cyber crime and that the main form of defence against it, are the people they employ. However, only two thirds of staff in the firms visited by the SRA said they felt they had enough knowledge to understand IT and cyber security issues.
Cyber security is something that needs to be adopted across the whole of a firm, yet the SRA discovered that some senior figures were unable to answer basic questions around terminology.
More than a quarter of the firms visited didn’t have adequate cyber security controls in place leaving them vulnerable to attack.
Paul Philip, SRA Chief Executive, said:
“It will be some time before the implications of the Covid-19 pandemic for the legal sector are fully understood, but we all know that millions more people than ever before are working from home, be they law firm employees or clients. That means the need for everyone to remain cyber crime vigilant has never been higher. Law firms should make sure that they have effective cyber security policies in place, and, crucially, that everyone in the firm understands and follows these day-to-day.”
Simon Davies, President of the Law Society of England and Wales:
“The SRA’s report identified that most of the firms surveyed were aware of the dangers posed by cyber crime, and that staff knowledge and behaviour were important factors when protecting their business.”
“The Law Society has a consistent focus on cyber security – ensuring solicitors have the resources, guidance, and partnerships they need to keep their firm and their clients safe.
“This is why we must continue to share experience and expertise about emerging cyber threats, particularly in today’s environment, with so many more of us working online and remotely.
“Our guidance includes information on data protection, risk assessments, security policies and how to take appropriate technical and organisational measures to safeguard personal data.
“We also regularly update our cyber security page and have produced specific guidance on fraud prevention, cyber security and lawtech during Covid-19.
“In addition, we are hosting a free two-day virtual technology conference this month which will provide solicitors with valuable information on regulation, compliance, technology and cyber security.
“By taking issues like cyber security seriously, we ensure the public can continue to have the highest confidence in the profession.”