Six cyber security resolutions for your firm

David Fleming, Chief Technology Officer at Mitigo, gives his six top cyber security resolutions for 2021.

Never in the history of your working life should it be clearer that you need to allocate budgets and resources to mitigate known risks. Cybercrime, with its ever-increasing prevalence, is one of those risks, and the start of a new year is always a good time to start planning. So, in that context, here are my suggested 2021 cyber security resolutions for law firms:

Invest time to understand your risk from cyberattacks

  • Cyber attacks are indiscriminate; they hit any vulnerability they can find. I suggest you get the right group of experts together to assess your risks, and then consider the controls you have in place to reduce that risk (e.g., policy, training, software and support). Consider paying for a vulnerability risk assessment that can guide you on where to start.

Get your remote connections FIT for purpose

  • From March last year, cyber criminals have had a field day compromising poorly set up remote connections. In the rush to connect remotely, speed was prioritised over security. Please carry out the exercise to make sure your connections are fit for purpose in 2021. This includes logins to cloud platforms, VPN connections to the office and all versions of remote desktop control. And pay extra attention if you have allowed staff to use their own computers.

Stop assuming that your IT support have this covered

  • The law firms that got hit last year still assumed this. In our experience, IT do not look after this because they are not risk or cyber experts, and you are frankly not paying them to shoulder this responsibility. This assumption can be a blocker to firms acting.

Change employee habits through training, testing and simulation

  • All the incidents we investigated last year had an element of human error. Good resolutions change bad habits. This includes link-clicking, alert-ignoring, update-delaying, data-syncing… I could go on. Best practice is to follow up training with simulated attacks on staff, e.g., a pretend email phishing campaign, to strengthen a defensive culture.

Write and communicate a mobile phone policy

  • Do not forget mobile phones. Personal and work mobile use can be necessary for business. But have you got a policy on it, with the necessary controls in place? Cyber criminals increasingly rely on mobile phones as an entry point to company systems. Once you have agreed what your policies are, you will need to configure your technology to support your approach.

Prove to yourself that your back-up actually works

  • Most back-ups that we check will not survive a ransomware attack because they are poorly configured. Have you ever had this checked? And is it still operating correctly in this remote working world? Staff may have started storing files locally for convenience or even started using third-party storage. Have you still got control of your data footprint?

Obviously, this is not an exhaustive list, but I am hoping it will get you thinking about this subject because it isn’t going away. Indeed, the cyber criminals are more organized than ever, and their attacks are increasingly sophisticated. It is a lucrative business for them, so they invest money and resources into constantly improving their game. I suggest you use the start of 2021 to do the same.

This article was produced by our Strategic Partners Mitigo. Take a look at their full service offer on our member benefit page.
