Best cyber resilience practices for law firms
BY Danny Killeen
With all the recent talk about the introduction of GDPR, you probably feel that you’ve read enough about cybersecurity and cyber resilience to consider yourself well-versed in the subject. And you are probably correct in thinking that. After all, you need to know this.



As a senior decision-maker for a legal firm, the information on your databases and on your system is vital. You are the trusted guardian of some or all of the following types of information:

  • criminal cases
  • litigation strategies
  • IP
  • patent information
  • bank account information
  • market-sensitive information
  • human rights
  • commercial deals including mergers and acquisitions.

It’s no wonder that legal firms are increasingly singled out by cybercriminals: the information you hold would be valuable if it were sold on the black market.


So, what should you do? What are the key factors you should consider when building a culture of cyber resilience into your systems and your people?


What is cyber resilience?


Cyber resilience is “an entity’s ability to continuously deliver the intended outcome despite adverse cyber events. Cyber resilience essentially brings the areas of information security, business continuity and (organisational) resilience together.”


Cyber resilience is different from cyber security. Cyber security is all about the steps you take to stop an attack from happening. Cyber resilience is a strategy to keep your practice’s wheels in motion before, during, and after an incident. What cybersecurity and cyber resilience have in common is that, to be successful, there needs to be a culture that encourages it and this culture is always led from the boardroom.


Cyber resilience is part of the same culture as cybersecurity


Cyber resilience covers the planning and preparation for handling a security incident. Part of that is training the people in key management positions to look out for risks and threats, and to pass them immediately to their IT team or outsourced managed service provider upon detection.


For example, what if your internal systems are infected with ransomware and the hijackers are demanding the payment of a substantial sum of money not to destroy those records? In this situation, cyber resilience is knowing what you have in the cloud and when it was last updated. If the worst happens and the cyberattack results in the corruption or the deletion of certain records, you can download that data and information again onto your network once the ransomware has been completely removed.


Another major area where cyber resilience protects both your firm and your clients is the intelligent and consistent use of data encryption. When working off-site, do your staff have instant access to the data without needing a password to decrypt it? If so, the loss of that device and everything that’s been downloaded onto it could present your practice or chambers with major GDPR and client trust issues, because the data is not protected. It’s best to work with your outsourced managed services provider to ensure that all data and documentation are encrypted and password protected when they are downloaded to a new connected device.


Rigorous testing of your system’s vulnerabilities should occur frequently, together with downloading patches and updates for existing software on your wider system, even software that is rarely used. If you find that a program has not been used for a significant length of time, consider whether it is safe to delete it permanently, because one of the cyber-attackers’ favourite ways in is through programs that have been deprecated but still sit on company servers and networks.


Consider putting your organisation through the Cyber Essentials qualification run by the Government. You may even wish to go for ISO27001.


Cyber resilience audit


Find out more about cyber crime and speak to the Sprout Team today on 020 7036 8530 or at support@sproutit.co.uk. Working with you, we’ll discover how cyber resilient your practice or chambers is today and what it needs to do to get to where you and your clients need it to be.



