Hub - Security

28th April 2022

The Bar Council and Law Society Release IT Security Audit Recommendations for Law Firms and Chambers

In response to the ongoing threat from ransomware attacks and the need for better tools to review information security, the Law Society and the Bar Council have joined forces to release a standardised form for solicitors to assess the cybersecurity landscape within the chambers they instruct. 

Announced at the Law Society’s Risk and Compliance Annual Conference on 25th March 2022, the aim of the questionnaire is to ensure that barristers’ chambers are security compliant and to promote a culture of change across the entire legal sector, to have “earlier and more intelligent conversations about security”. 

Comprised of only 26 questions – in order to reduce the administrative burden for both law firms and barristers’ chambers – this questionnaire focuses on central systems and services, risk management, engagement and training, asset management, architecture and configuration, vulnerability management, identity and access management, data security, logging and monitoring, incident management, and supplier security. 

It is suggested that chambers work closely with the Managed Service Providers to review their answers every six months to evaluate their cybersecurity journey. 

President of the Law Society, Stephanie Boyce said: “We know that no one tool can offer complete protection against cyber threats, so firms will need to continue to take other precautions, but the development of the questionnaire is an important step in the right direction.” 

With Mark Fenhalls QC, Chair of the Bar Council, adding: “This valuable new tool will help reassure clients that data is kept as secure as possible. The joint work of the Law Society and the Bar Council will make it easier for solicitors and barristers to defend themselves against cyberattacks.” 

It must be noted that answers to this questionnaire do not necessarily imply compliance with established frameworks such as ISO27001 and Cyber Essentials. However, reference can be made as necessary by chambers who wish to align their security strategy to an acknowledged information security standard. 

On Thursday 28th April, CTS hosted a webinar in collaboration with Cyber Tec Security, to explore why barristers’ chambers should obtain their Cyber Essentials Plus accreditation to gain confidence in the fact that their data is protected. 

Find our more by clicking here. 

 Other articles you may enjoy 

Five Practical Ways of Strengthening Your Cyber Security Posture 

Keep Your Barristers’ Chambers’ Cybersecurity Up to Par 

Combatting Spear Phishing in 2022 

The latest from CTS