The Law Society and Bar Council have released an updated questionnaire aimed at assisting law firms in evaluating the cybersecurity protocols of the chambers and barristers they engage with.
Initially introduced two years ago, the questionnaire consists of 35 questions centered around the essential services provided by chambers to barristers and staff.
In response to feedback, the questionnaire has been revised to encompass aspects such as disaster recovery, business continuity, incident management, and data and device management. Additionally, there is an increased focus on measures to combat phishing attacks, identify vulnerabilities, and conduct penetration testing.
For example, chambers are now queried about the frequency of phishing or spam simulation exercises conducted and the security measures implemented to safeguard systems accessed via devices owned by self-employed barristers.
In conjunction with the questionnaire, the Law Society and Bar Council have introduced a voluntary, non-legally binding cyber and information security affirmation. This tool allows solicitors and barristers to delineate and agree upon specific roles and responsibilities regarding cybersecurity.
Nick Emmerson, President of the Law Society, emphasized the heightened risk posed by cybercriminals to law firms and chambers. While acknowledging that no single solution can provide absolute protection against cyber threats, Emmerson expressed confidence that the updated questionnaire would instill confidence in clients regarding the security of their data. He stressed the importance of continuing to implement additional precautions while applauding the questionnaire as a significant step forward in bolstering cybersecurity measures.
The release of the updated questionnaire coincides with reports of a potential cyber incident at Brick Court Chambers in London. In response, a spokesperson for Brick Court confirmed that they are actively collaborating with external cybersecurity specialists to investigate the matter. Despite the ongoing investigation, chambers remain operational, with all necessary steps being taken to secure their systems. At present, the extent of any data breach remains uncertain, and investigations are being pursued urgently to address the situation.
Source: lawgazette.co.uk
