Law Firms and Chambers collaborate to enhance cybersecurity measures
By Law News
The Law Society and the Bar Council announced significant updates to the cybersecurity questionnaire, designed to assist law firms in evaluating the cybersecurity protocols of the chambers and barristers they engage
This initiative reflects an ongoing commitment to fortifying legal practices against the rising tide of cyber threats.
The revised questionnaire, developed in response to user feedback, now encompasses additional critical areas such as disaster recovery, business continuity, and incident management. It also emphasises data and device management, protection against phishing attacks, identifying vulnerabilities, and conducting penetration tests—key aspects that address the evolving landscape of cybersecurity.
Nick Emmerson, president of the Law Society of England and Wales, highlighted the importance of the updated questionnaire, stating: “Law firms and chambers are targets for the ever-growing threats from cyber criminals. We know that no one tool can offer complete protection against cyber threats but this updated questionnaire will help reassure clients that data is kept as secure as possible. Firms will need to continue to take other precautions, but the development of the questionnaire is an important step in the right direction.”
Echoing this sentiment, Sam Townend KC, chair of the Bar Council, emphasised the crucial nature of safeguarding client information: “Keeping client information safe is of paramount concern to barristers and chambers. Since it was launched two years ago, the cybersecurity questionnaire has provided a useful tool to help protect against the threat of cyberattacks in a proportionate way. Through joint work with the Law Society, we are making sure that this tool keeps pace with developments in cybersecurity and responds to the feedback from our members.”
In addition to the updated questionnaire, a new voluntary cyber and information security affirmation has been introduced. This affirmation is intended to clarify and document the specific roles and responsibilities of barristers and instructing solicitors regarding data handling and processing. While not legally binding, it serves as a valuable reminder of the importance of cybersecurity and information management within the legal profession.