Standard cyber-security form to aid solicitors instructing barristers


Cyber security: Encouraging a culture of change

A standardised form for solicitors to assess the cyber-security arrangements of chambers they instruct has been launched by the Law Society and Bar Council.

Introducing it at the Law Society’s risk and compliance conference on Friday, Andrew McWhir – the society’s technology policy adviser – said the aim was to “promote a culture of change” and for both law firms and chambers, and chambers and their individual barristers, to have “earlier and more intelligent conversations” about security.

It should also reduce the administrative burden for both law firms and chambers. The National Cyber Security Centre was among those consulted on the questionnaire’s contents.

It does not cover barristers’ individually owned and managed devices, or IT services they procure directly.

After ascertaining what central IT systems a chambers provides for its barristers, the questionnaire features 25 ‘yes/no/don’t know’ questions on risk management, engagement and training, asset management, architecture and configuration, vulnerability management, identity and access management, data security, logging and monitoring, incident management, and supplier security.

The joint Law Society and Bar Council working group that drafted the document said it had been “mindful of problems associated with inappropriate and/or irrelevant questions being asked of barristers’ chambers”.

For that reason, it recommended avoiding supplementary questions where possible, or at least separating them from the primary questionnaire.

The working party recommended that chambers review their answers every six months.

At the conference, Bar Council policy and programmes manager Stuart McMillan said there had been a debate about whether to make training compulsory, but as the goal was a culture change, “we came down on the side of ‘encourage’”.

Law firms could still mandate training as part of their contractual arrangements with chambers.

Law Society president I Stephanie Boyce added: “We know that no one tool can offer complete protection against cyber threats, so firms will need to continue to take other precautions, but the development of the questionnaire is an important step in the right direction.”

Mark Fenhalls QC, chair of the Bar Council, said: “This valuable new tool will help reassure clients that data is kept as secure as possible.

“The joint work of the Law Society and the Bar Council will make it easier for solicitors and barristers to defend themselves against cyber attacks.”

The questionnaire can be found here and here.




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog


Compliance in the age of technology

Does keeping up with best practice for your law firm in compliance, finance and risk management keep you awake at night? If so, you are not alone.


Continuing competence still in the SRA’s headlights

The SRA’s second annual assessment of continuing competence leaves lawyers and COLPs in little doubt that the regulatory spotlight is still firmly on whether skills and knowledge are being maintained.


How the Oldham community helped my law firm against rioters

On the evening of 7 August, we anxiously watched CCTV footage from outside the building, waiting for the mob. Our blood ran cold when we saw a group of around 150 people approaching.


Loading animation