*/
Hot on the heels of a criminal defence firm being fined £98,000 after a ransomware attack, a new tool is about to be launched to help protect clients’ data. Andrew McQuarrie finds out more...
‘Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
As the operations manager at a leading commercial set, Jacky Chase knows a thing or two about keeping cybercriminals at bay.
‘You would have to be living the life of a hermit to not realise that cyber fraud is on the increase,’ says Jacky, of London’s Essex Court Chambers.
Two weeks after Jacky uttered these words, the Information Commissioner’s Office announced a £98,000 fine for a criminal defence firm struck by a ransomware attack.
But cybersecurity has been the talk of the legal industry for some time – not least last year, says Jacky, when two chambers were reported to have been targeted.
Many solicitors’ firms reacted by drawing up questionnaires and sending them to chambers, she explains, in an attempt to gain reassurances that data was being stored securely.
Some of the questionnaires were between 80-100 questions long, which posed a massive challenge for those chambers without IT staff.
‘Whereas many of the large law firms have whole IT departments with five, six or seven members of staff, all specialists in their area, most chambers either have no-one, with everything being outsourced, or one or two internal people.’
As a result, for Essex Court Chambers and many others, answering the questionnaires took up ‘an inordinate amount of time and effort’, Jacky says.
Jacky Chase, Operations Manager at Essex Court Chambers
And it didn’t help that some of the questions were particularly complex.
‘Some of the terminology in the questionnaires was so technical that I didn’t understand the questions,’ Jacky recalls.
Now, however, Jacky believes a solution has been found – in the form of a simpler, standardised questionnaire.
The new form, containing a total of 24 questions, has been created by a cybersecurity working group set up by the Law Society and the Bar Council.
Jacky believes the questionnaire is ‘a vital tool in ensuring your chambers has taken all possible care in protecting its data’.
She adds that it should be easily used by everyone, ‘from a sole practitioner to large chambers’.
For those who fail to take cybersecurity seriously, there is potentially much at stake – Jacky describes the consequences as ‘huge’.
‘First of all, your obligation under GDPR is to keep your client’s data safe,’ says Jacky.
‘If you were to lose your client’s data, the fines – if it was decided it was your fault – could be endless.
‘The fines have got lots of noughts on the end. But, even more than that, your business’s reputation [gets damaged].
‘You’re in competition with all the other chambers and if your clients don’t feel their data is safe with you, they’ll go somewhere else.’
Although cybersecurity threats go beyond hackers, cybercriminals are certainly among the most menacing – and, it seems, the most mysterious.
‘I don’t think that most hackers are looking for anything in particular,’ says Jacky, who senses a ‘scattergun’ approach.
She says: ‘They’re not actually interested in the data. What they’re interested in is saying, “If I’ve got your data, I can charge you a lot of money to release that data. Not only do you not want that data going anywhere else; you need that data”.’
Giving staff proper training is one of the best ways that an organisation can stop its data getting lost or falling into the wrong hands.
‘The key thing is to make sure your people are aware of what cybersecurity is, why it’s important and why there are things that they should do and should not do,’ says Jacky, who believes training should be mandatory for everyone.
‘People are your weakest point. It’s someone clicking a link on an email [and getting hacked]. You see examples of it all the time.’
Social media is another dangerous territory, says Jacky, with scammers known to use platforms including Instagram.
‘Anywhere that you can impersonate someone could be [host to] cyber fraud,’ says Jacky. ‘If you can’t physically see someone, how do you know that they are who they say they are? Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
But cybersecurity is not only about protecting yourself against hackers and fraudsters.
‘It’s also about other things that can happen to your data,’ says Jacky. ‘It could be a flood, it could be a fire, it could be a power outage, it could be as simple as someone pressing the wrong key on the keyboard.’
Yet no matter how someone ends up losing their data, Jacky would ‘hope that somewhere there would be a back-up that you could use’.
‘It’s about keeping that data secure even if something outside your control happens,’ she says.
In terms of top tips on cybersecurity, Jacky suggests that the basics go a long way.
‘It’s making sure that people are using encryption, that people are using good passwords.’
More detailed steps will be laid out in the new questionnaire – set for release on 25 March – and advice is also available from the National Cyber Security Centre (NCSC), whose 10 Steps to Cyber Security forms the basis of the questionnaire.
‘Keeping your data secure is simply about knowing what data you hold, where it is kept and making sure you control access to it,’ says Jacky.
Recommending people to go through the questionnaire at least twice a year, she adds: ‘We can all think we’re secure until the day something happens.’
‘Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
As the operations manager at a leading commercial set, Jacky Chase knows a thing or two about keeping cybercriminals at bay.
‘You would have to be living the life of a hermit to not realise that cyber fraud is on the increase,’ says Jacky, of London’s Essex Court Chambers.
Two weeks after Jacky uttered these words, the Information Commissioner’s Office announced a £98,000 fine for a criminal defence firm struck by a ransomware attack.
But cybersecurity has been the talk of the legal industry for some time – not least last year, says Jacky, when two chambers were reported to have been targeted.
Many solicitors’ firms reacted by drawing up questionnaires and sending them to chambers, she explains, in an attempt to gain reassurances that data was being stored securely.
Some of the questionnaires were between 80-100 questions long, which posed a massive challenge for those chambers without IT staff.
‘Whereas many of the large law firms have whole IT departments with five, six or seven members of staff, all specialists in their area, most chambers either have no-one, with everything being outsourced, or one or two internal people.’
As a result, for Essex Court Chambers and many others, answering the questionnaires took up ‘an inordinate amount of time and effort’, Jacky says.
Jacky Chase, Operations Manager at Essex Court Chambers
And it didn’t help that some of the questions were particularly complex.
‘Some of the terminology in the questionnaires was so technical that I didn’t understand the questions,’ Jacky recalls.
Now, however, Jacky believes a solution has been found – in the form of a simpler, standardised questionnaire.
The new form, containing a total of 24 questions, has been created by a cybersecurity working group set up by the Law Society and the Bar Council.
Jacky believes the questionnaire is ‘a vital tool in ensuring your chambers has taken all possible care in protecting its data’.
She adds that it should be easily used by everyone, ‘from a sole practitioner to large chambers’.
For those who fail to take cybersecurity seriously, there is potentially much at stake – Jacky describes the consequences as ‘huge’.
‘First of all, your obligation under GDPR is to keep your client’s data safe,’ says Jacky.
‘If you were to lose your client’s data, the fines – if it was decided it was your fault – could be endless.
‘The fines have got lots of noughts on the end. But, even more than that, your business’s reputation [gets damaged].
‘You’re in competition with all the other chambers and if your clients don’t feel their data is safe with you, they’ll go somewhere else.’
Although cybersecurity threats go beyond hackers, cybercriminals are certainly among the most menacing – and, it seems, the most mysterious.
‘I don’t think that most hackers are looking for anything in particular,’ says Jacky, who senses a ‘scattergun’ approach.
She says: ‘They’re not actually interested in the data. What they’re interested in is saying, “If I’ve got your data, I can charge you a lot of money to release that data. Not only do you not want that data going anywhere else; you need that data”.’
Giving staff proper training is one of the best ways that an organisation can stop its data getting lost or falling into the wrong hands.
‘The key thing is to make sure your people are aware of what cybersecurity is, why it’s important and why there are things that they should do and should not do,’ says Jacky, who believes training should be mandatory for everyone.
‘People are your weakest point. It’s someone clicking a link on an email [and getting hacked]. You see examples of it all the time.’
Social media is another dangerous territory, says Jacky, with scammers known to use platforms including Instagram.
‘Anywhere that you can impersonate someone could be [host to] cyber fraud,’ says Jacky. ‘If you can’t physically see someone, how do you know that they are who they say they are? Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
But cybersecurity is not only about protecting yourself against hackers and fraudsters.
‘It’s also about other things that can happen to your data,’ says Jacky. ‘It could be a flood, it could be a fire, it could be a power outage, it could be as simple as someone pressing the wrong key on the keyboard.’
Yet no matter how someone ends up losing their data, Jacky would ‘hope that somewhere there would be a back-up that you could use’.
‘It’s about keeping that data secure even if something outside your control happens,’ she says.
In terms of top tips on cybersecurity, Jacky suggests that the basics go a long way.
‘It’s making sure that people are using encryption, that people are using good passwords.’
More detailed steps will be laid out in the new questionnaire – set for release on 25 March – and advice is also available from the National Cyber Security Centre (NCSC), whose 10 Steps to Cyber Security forms the basis of the questionnaire.
‘Keeping your data secure is simply about knowing what data you hold, where it is kept and making sure you control access to it,’ says Jacky.
Recommending people to go through the questionnaire at least twice a year, she adds: ‘We can all think we’re secure until the day something happens.’
Hot on the heels of a criminal defence firm being fined £98,000 after a ransomware attack, a new tool is about to be launched to help protect clients’ data. Andrew McQuarrie finds out more...
The Chair of the Bar sets out how the new government can restore the justice system
In the first of a new series, Louise Crush of Westgate Wealth considers the fundamental need for financial protection
Unlocking your aged debt to fund your tax in one easy step. By Philip N Bristow
Possibly, but many barristers are glad he did…
Mental health charity Mind BWW has received a £500 donation from drug, alcohol and DNA testing laboratory, AlphaBiolabs as part of its Giving Back campaign
The Institute of Neurotechnology & Law is thrilled to announce its inaugural essay competition
How to navigate open source evidence in an era of deepfakes. By Professor Yvonne McDermott Rees and Professor Alexa Koenig
Brie Stevens-Hoare KC and Lyndsey de Mestre KC take a look at the difficulties women encounter during the menopause, and offer some practical tips for individuals and chambers to make things easier
Sir Geoffrey Vos, Master of the Rolls and Head of Civil Justice since January 2021, is well known for his passion for access to justice and all things digital. Perhaps less widely known is the driven personality and wanderlust that lies behind this, as Anthony Inglese CB discovers
The Chair of the Bar sets out how the new government can restore the justice system
No-one should have to live in sub-standard accommodation, says Antony Hodari Solicitors. We are tackling the problem of bad housing with a two-pronged approach and act on behalf of tenants in both the civil and criminal courts