Risk management is an integral part of the service provided by Lockton, and as such, we work closely with the Law Society of Scotland and the profession to deliver a resource centre for a range of risk and compliance guidance.
Information security, cyber risk and fraud are a key focus of our risk management efforts this year, and we have just launched the first module of our e-learning on password security, which can be found on our website www.locktonlaw.scot
All law firms remain vulnerable given the volume of personal and corporate sensitive and valuable information handled, and there are differing approaches to cyber security. Some firms have chosen to spend in building their IT defences and investing in the best security software to detect attacks and system vulnerabilities, while others have also chosen to effect specialist cyber insurance as their failsafe position.
A comprehensive specialist cyber policy should be structured to offer a suite of breach response services that are vital when a firm falls prey to a cyber incident. Recent claims activity determines that it is often first-party protection that is needed, i.e. immediate support to help manage a breach. The policies (see chart below) will commonly pay for the IT forensic investigation costs needed to determine what information has been compromised and look to remediate the problem. In addition, the support of a PR company will assist the firm in managing any adverse publicity that may occur.
Types of cyber attacks
Attacks may vary; however, social engineering theft of office account or client account funds is the most common type of cybercrime.
- Some of the features that are looked for in assessing a law firm’s cyber risk are these:
- volume of personal and corporate sensitive information;
- encryption and auto wipe of all removable devices;
- documented and tested disaster recovery or business continuity plan;
- two-factor authentication access to the network;
- robust cloud vendor management; cyber security awareness training;
- penetration testing completed regularly; physical security;
- board awareness of cyber and information security.
It is prudent for law firms to undertake a gap analysis, and we in the Lockton Master Policy practice management team can assist in providing practical advice on information and cyber security.
Siobhan Fogarty qualified at the Irish Bar and is now a client director in Lockton’s Master Policy team. She can be contacted at Siobhan.email@example.com
In this issue
- Miller, Brexit and BreUK-up
- Power to the people?
- Prerogatives, Parliament and the constitution: plus ça change?
- Decisions in high places
- Reading for pleasure
- Journal magazine index 2016
- Opinion: Callum Sinclair
- Book reviews
- President's column
- Have you heard of ScotLIS?
- People on the move
- Article 50: the final say
- Where courts fear to tread
- "Wake up": how young lawyers see the future
- How healthy is our legal aid system?
- Challenging assumptions
- Planning to deliver
- Contact and the fear factor
- And the bill goes to...?
- Pakistan to join Child Abduction Convention
- Dress to impress?
- Handcuffing of prisoners and article 3
- Turning up the heat on workplace change
- Scottish Solicitors' Discipline Tribunal
- Not just for the green welly brigade
- Five by five
- Law reform roundup
- Relief over pensions and bankruptcy ruling
- Helpline plus
- Spill the beans on legal aid fraud
- The art of bringing the good news
- Cybercrime: how are you protected?
- Ask Ash
- One year rule becomes three
- From the Brussels office