The Law Society and the Bar Council have updated the cybersecurity questionnaire designed to help law firms better assess the cybersecurity arrangements of the chambers and barristers they instruct.
In response to feedback from users, the new version questionnaire includes considerations on disaster recovery, business continuity and incident management, as well as data and device management. Protection against phishing, identifying vulnerabilities and penetration testing are also emphasised in response to ongoing cybersecurity developments.
Nick Emmerson, president of the Law Society of England and Wales, said:
“Law firms and chambers are targets for the ever-growing threats from cyber criminals. We know that no one tool can offer complete protection against cyber threats but this updated questionnaire will help reassure clients that data is kept as secure as possible. Firms will need to continue to take other precautions, but the development of the questionnaire is an important step in the right direction.”
Sam Townend KC, chair of the Bar Council, added:
“Keeping client information safe is of paramount concern to barristers and chambers. Since it was launched two years ago, the cybersecurity questionnaire has provided a useful tool to help protect against the threat of cyberattacks in a proportionate way. Through joint work with the Law Society we are making sure that this tool keeps pace with developments in cybersecurity and responds to the feedback from our members.”
A new voluntary cyber and information security affirmation has been published alongside the questionnaire to be used by barristers and instructing solicitors to set out their specific and individual roles and responsibilities in relation to data handling and processing.
The Law Society and Bar Council’s voluntary affirmation is not contractually or legally binding but provides a useful and timely reminder of the importance of cybersecurity and information management for the legal profession.
The update from the Law Society and Bar Council comes just days after Wales-based chambers 30 Park Place, announced it has achieved a ground-breaking milestone by becoming the first legal service provider to gain LOCS:23 (Legal Services Operational Privacy Certification Scheme) certification.
The questionnaire and affirmation can be found on the Law Society and Bar Council websites.