*/
Hot on the heels of a criminal defence firm being fined £98,000 after a ransomware attack, a new tool is about to be launched to help protect clients’ data. Andrew McQuarrie finds out more...
‘Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
As the operations manager at a leading commercial set, Jacky Chase knows a thing or two about keeping cybercriminals at bay.
‘You would have to be living the life of a hermit to not realise that cyber fraud is on the increase,’ says Jacky, of London’s Essex Court Chambers.
Two weeks after Jacky uttered these words, the Information Commissioner’s Office announced a £98,000 fine for a criminal defence firm struck by a ransomware attack.
But cybersecurity has been the talk of the legal industry for some time – not least last year, says Jacky, when two chambers were reported to have been targeted.
Many solicitors’ firms reacted by drawing up questionnaires and sending them to chambers, she explains, in an attempt to gain reassurances that data was being stored securely.
Some of the questionnaires were between 80-100 questions long, which posed a massive challenge for those chambers without IT staff.
‘Whereas many of the large law firms have whole IT departments with five, six or seven members of staff, all specialists in their area, most chambers either have no-one, with everything being outsourced, or one or two internal people.’
As a result, for Essex Court Chambers and many others, answering the questionnaires took up ‘an inordinate amount of time and effort’, Jacky says.
Jacky Chase, Operations Manager at Essex Court Chambers
And it didn’t help that some of the questions were particularly complex.
‘Some of the terminology in the questionnaires was so technical that I didn’t understand the questions,’ Jacky recalls.
Now, however, Jacky believes a solution has been found – in the form of a simpler, standardised questionnaire.
The new form, containing a total of 24 questions, has been created by a cybersecurity working group set up by the Law Society and the Bar Council.
Jacky believes the questionnaire is ‘a vital tool in ensuring your chambers has taken all possible care in protecting its data’.
She adds that it should be easily used by everyone, ‘from a sole practitioner to large chambers’.
For those who fail to take cybersecurity seriously, there is potentially much at stake – Jacky describes the consequences as ‘huge’.
‘First of all, your obligation under GDPR is to keep your client’s data safe,’ says Jacky.
‘If you were to lose your client’s data, the fines – if it was decided it was your fault – could be endless.
‘The fines have got lots of noughts on the end. But, even more than that, your business’s reputation [gets damaged].
‘You’re in competition with all the other chambers and if your clients don’t feel their data is safe with you, they’ll go somewhere else.’
Although cybersecurity threats go beyond hackers, cybercriminals are certainly among the most menacing – and, it seems, the most mysterious.
‘I don’t think that most hackers are looking for anything in particular,’ says Jacky, who senses a ‘scattergun’ approach.
She says: ‘They’re not actually interested in the data. What they’re interested in is saying, “If I’ve got your data, I can charge you a lot of money to release that data. Not only do you not want that data going anywhere else; you need that data”.’
Giving staff proper training is one of the best ways that an organisation can stop its data getting lost or falling into the wrong hands.
‘The key thing is to make sure your people are aware of what cybersecurity is, why it’s important and why there are things that they should do and should not do,’ says Jacky, who believes training should be mandatory for everyone.
‘People are your weakest point. It’s someone clicking a link on an email [and getting hacked]. You see examples of it all the time.’
Social media is another dangerous territory, says Jacky, with scammers known to use platforms including Instagram.
‘Anywhere that you can impersonate someone could be [host to] cyber fraud,’ says Jacky. ‘If you can’t physically see someone, how do you know that they are who they say they are? Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
But cybersecurity is not only about protecting yourself against hackers and fraudsters.
‘It’s also about other things that can happen to your data,’ says Jacky. ‘It could be a flood, it could be a fire, it could be a power outage, it could be as simple as someone pressing the wrong key on the keyboard.’
Yet no matter how someone ends up losing their data, Jacky would ‘hope that somewhere there would be a back-up that you could use’.
‘It’s about keeping that data secure even if something outside your control happens,’ she says.
In terms of top tips on cybersecurity, Jacky suggests that the basics go a long way.
‘It’s making sure that people are using encryption, that people are using good passwords.’
More detailed steps will be laid out in the new questionnaire – set for release on 25 March – and advice is also available from the National Cyber Security Centre (NCSC), whose 10 Steps to Cyber Security forms the basis of the questionnaire.
‘Keeping your data secure is simply about knowing what data you hold, where it is kept and making sure you control access to it,’ says Jacky.
Recommending people to go through the questionnaire at least twice a year, she adds: ‘We can all think we’re secure until the day something happens.’
‘Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
As the operations manager at a leading commercial set, Jacky Chase knows a thing or two about keeping cybercriminals at bay.
‘You would have to be living the life of a hermit to not realise that cyber fraud is on the increase,’ says Jacky, of London’s Essex Court Chambers.
Two weeks after Jacky uttered these words, the Information Commissioner’s Office announced a £98,000 fine for a criminal defence firm struck by a ransomware attack.
But cybersecurity has been the talk of the legal industry for some time – not least last year, says Jacky, when two chambers were reported to have been targeted.
Many solicitors’ firms reacted by drawing up questionnaires and sending them to chambers, she explains, in an attempt to gain reassurances that data was being stored securely.
Some of the questionnaires were between 80-100 questions long, which posed a massive challenge for those chambers without IT staff.
‘Whereas many of the large law firms have whole IT departments with five, six or seven members of staff, all specialists in their area, most chambers either have no-one, with everything being outsourced, or one or two internal people.’
As a result, for Essex Court Chambers and many others, answering the questionnaires took up ‘an inordinate amount of time and effort’, Jacky says.
Jacky Chase, Operations Manager at Essex Court Chambers
And it didn’t help that some of the questions were particularly complex.
‘Some of the terminology in the questionnaires was so technical that I didn’t understand the questions,’ Jacky recalls.
Now, however, Jacky believes a solution has been found – in the form of a simpler, standardised questionnaire.
The new form, containing a total of 24 questions, has been created by a cybersecurity working group set up by the Law Society and the Bar Council.
Jacky believes the questionnaire is ‘a vital tool in ensuring your chambers has taken all possible care in protecting its data’.
She adds that it should be easily used by everyone, ‘from a sole practitioner to large chambers’.
For those who fail to take cybersecurity seriously, there is potentially much at stake – Jacky describes the consequences as ‘huge’.
‘First of all, your obligation under GDPR is to keep your client’s data safe,’ says Jacky.
‘If you were to lose your client’s data, the fines – if it was decided it was your fault – could be endless.
‘The fines have got lots of noughts on the end. But, even more than that, your business’s reputation [gets damaged].
‘You’re in competition with all the other chambers and if your clients don’t feel their data is safe with you, they’ll go somewhere else.’
Although cybersecurity threats go beyond hackers, cybercriminals are certainly among the most menacing – and, it seems, the most mysterious.
‘I don’t think that most hackers are looking for anything in particular,’ says Jacky, who senses a ‘scattergun’ approach.
She says: ‘They’re not actually interested in the data. What they’re interested in is saying, “If I’ve got your data, I can charge you a lot of money to release that data. Not only do you not want that data going anywhere else; you need that data”.’
Giving staff proper training is one of the best ways that an organisation can stop its data getting lost or falling into the wrong hands.
‘The key thing is to make sure your people are aware of what cybersecurity is, why it’s important and why there are things that they should do and should not do,’ says Jacky, who believes training should be mandatory for everyone.
‘People are your weakest point. It’s someone clicking a link on an email [and getting hacked]. You see examples of it all the time.’
Social media is another dangerous territory, says Jacky, with scammers known to use platforms including Instagram.
‘Anywhere that you can impersonate someone could be [host to] cyber fraud,’ says Jacky. ‘If you can’t physically see someone, how do you know that they are who they say they are? Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
But cybersecurity is not only about protecting yourself against hackers and fraudsters.
‘It’s also about other things that can happen to your data,’ says Jacky. ‘It could be a flood, it could be a fire, it could be a power outage, it could be as simple as someone pressing the wrong key on the keyboard.’
Yet no matter how someone ends up losing their data, Jacky would ‘hope that somewhere there would be a back-up that you could use’.
‘It’s about keeping that data secure even if something outside your control happens,’ she says.
In terms of top tips on cybersecurity, Jacky suggests that the basics go a long way.
‘It’s making sure that people are using encryption, that people are using good passwords.’
More detailed steps will be laid out in the new questionnaire – set for release on 25 March – and advice is also available from the National Cyber Security Centre (NCSC), whose 10 Steps to Cyber Security forms the basis of the questionnaire.
‘Keeping your data secure is simply about knowing what data you hold, where it is kept and making sure you control access to it,’ says Jacky.
Recommending people to go through the questionnaire at least twice a year, she adds: ‘We can all think we’re secure until the day something happens.’
Hot on the heels of a criminal defence firm being fined £98,000 after a ransomware attack, a new tool is about to be launched to help protect clients’ data. Andrew McQuarrie finds out more...
Sam Townend KC explains the Bar Council’s efforts towards ensuring a bright future for the profession
Giovanni D’Avola explores the issue of over-citation of unreported cases and the ‘added value’ elements of a law report
Louise Crush explores the key points and opportunities for tax efficiency
Westgate Wealth Management Ltd is a Partner Practice of FTSE 100 company St. James’s Place – one of the top UK Wealth Management firms. We offer a holistic service of distinct quality, integrity, and excellence with the aim to build a professional and valuable relationship with our clients, helping to provide them with security now, prosperity in the future and the highest standard of service in all of our dealings.
Is now the time to review your financial position, having reached a career milestone? asks Louise Crush
If you were to host a dinner party with 10 guests, and you asked them to explain what financial planning is and how it differs to financial advice, you’d receive 10 different answers. The variety of answers highlights the ongoing need to clarify and promote the value of financial planning.
Most of us like to think we would risk our career in order to meet our ethical obligations, so why have so many lawyers failed to hold the line? asks Flora Page
If your current practice environment is bringing you down, seek a new one. However daunting the change, it will be worth it, says Anon Barrister
Creating advocacy opportunities for juniors is now the expectation but not always easy to put into effect. Tom Mitcheson KC distils developing best practice from the Patents Court initiative already bearing fruit
Sam Townend KC explains the Bar Council’s efforts towards ensuring a bright future for the profession
The long-running fee-paid judicial pensions saga continues. The current cut-off date for giving notice of election to join FPJPS is 31 March 2024, and that date now gives rise to a serious problem, warns HH John Platt
