Cyber security for the legal profession

Law practices hold sensitive information and can often be the target of cyber attacks. The National Cyber Security Centre (NCSC) has published some specific cyber security tips to help barristers, solicitors and legal professionals in firms of all sizes protect themselves.

The tips they provide are good practice for businesses of all types. Here’s a summary of what NCSC suggests.

Backups are important

Regularly taking backups, and testing that you can restore them, allows you to be able to recover and access your client or customer data even if you are the victim of a computer virus or ransomware attack.

Update software

Software and operating system updates are important because they contain protection from viruses and other malware. Turning on ‘automatic updates’ on devices also removes the chance that you will forget to apply an update.

Encryption

Windows, Apple and Android devices all include free encryption that will stop a thief being able to access your sensitive data. Windows’ BitLocker, MacOS’s FileVault, and iOS’s advanced data protection for iCloud should all be switched on.

Use strong passwords and 2-step verification

Strong passwords are a must, and it’s particularly important to protect your email, banking and social media accounts. The three random words method or a password manager can help you create strong passwords. 2-step verification, also known as multi-factor authentication is also strongly recommended.

Use screen locks

Mobile devices should have their screen lock facility turned on, and you should use a passcode or fingerprint/face recognition to be able to access the device. Laptops and computers should also be locked when you’re not at your desk.

Firewall

When you use the internet or public networks, your device can be seen by others who are connected to the network. You should use a firewall to prevent any unwanted connections. Windows and macOS both include free firewalls.

Limit administration accounts

Administrator accounts will carry full access rights to make changes and access files. If a user doesn’t need these rights, then it is often better not to give them administrator access. Limiting the number of administrator accounts reduces the opportunity a cyber criminal has to access a user account and gain full access.

Antivirus

Make sure your antivirus software is turned on.

Track lost or stolen devices

Most devices come with the ability to remotely delete the data on the device if it is stolen or lost. Make sure this is set up properly.

Privacy permissions

Some apps will ask for permissions to access other apps, data, or system features. This may be a necessary part of the app’s function, however it could be exploited by

a criminal. Therefore, make sure that staff only have access to the apps they need to carry out their work and avoid having redundant apps to minimise a potential problem. To review the guidance in full, see: https://www.ncsc.gov.uk/guidance/cyber-security-tips-for-barristers-solicitors-and-legal-professionals