Best cyber resilience practices for law firms
BY Danny Killeen
With all the recent talk about the introduction of GDPR, you probably feel that you’ve read enough about cybersecurity and cyber resilience to consider yourself well-versed in the subject. And you are probably correct in thinking that. After all, you need to know this.



As a senior decision-maker for a legal firm, the information on your databases and on your system is vital. You are the trusted guardian of some or all of the following types of information:

  • criminal cases
  • litigation strategies
  • IP
  • patent information
  • bank account information
  • market-sensitive information
  • human rights
  • commercial deals including mergers and acquisitions.

It’s no wonder that legal firms are increasingly singled out by cybercriminals, given the value the information you hold would have if it were sold on the black market.


So, what should you do? What are the key factors you should consider when building a culture of cyber resilience into your systems and your people?


What is cyber resilience?


Cyber resilience is “an entity's ability to continuously deliver the intended outcome despite adverse cyber events. Cyber resilience essentially brings the areas of information security, business continuity and (organisational) resilience together.”


Cyber resilience is different from cybersecurity. Cybersecurity is all about the steps you take to stop an attack from happening. Cyber resilience is a strategy to keep your practice’s wheels in motion before, during, and after an incident. What cybersecurity and cyber resilience have in common is that, to be successful, there needs to be a culture that encourages them, and this culture is always led from the boardroom.


Cyber resilience is part of the same culture as cybersecurity


Cyber resilience deals with the planning and preparation for dealing with a security incident. Part of that is training the people in key positions of management to look out for risks and threats, passing them immediately to their IT team or outsourced managed service provider upon detection.


For example, what if your internal systems are infected with ransomware and the hijackers are demanding the payment of a substantial sum of money not to destroy those records? In this situation, cyber resilience is knowing what you have in the cloud and when it was last updated. If the worst happens and the cyberattack results in the corruption or the deletion of certain records, you can download that data and information again onto your network once the ransomware has been completely removed.


Another major area where cyber resilience protects both your firm and your clients is the intelligent and consistent use of data encryption. When working off-site, do your staff have instant access to the data without needing a password to decrypt it? If so, the loss of that device and everything that’s been downloaded onto it could present your practice or chambers with major GDPR and client trust issues, because the data is not protected. It’s best to work with your outsourced managed services provider to ensure that all data and documentation are encrypted and password protected when they are downloaded to a new connected device.


Rigorous testing of your system’s vulnerabilities should occur frequently, together with downloading patches and updates for existing software on your wider system, even software that is rarely used. If you find that a program has not been used for a significant length of time, it is safer to delete it permanently, because one of the cyber-attackers’ favourite ways in is through programs that have been deprecated but still sit on company servers and networks.


Consider putting your organisation through the Cyber Essentials qualification run by the Government. You may even wish to go for ISO 27001.


Cyber resilience audit


Find out more about cyber crime and speak to the Sprout Team today on 020 7036 8530 or at support@sproutit.co.uk. Working with you, we’ll discover how cyber resilient your practice or chambers is today and what it needs to do to get where you and your clients need it to be.



