*/
Hot on the heels of a criminal defence firm being fined £98,000 after a ransomware attack, a new tool is about to be launched to help protect clients’ data. Andrew McQuarrie finds out more...
‘Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
As the operations manager at a leading commercial set, Jacky Chase knows a thing or two about keeping cybercriminals at bay.
‘You would have to be living the life of a hermit to not realise that cyber fraud is on the increase,’ says Jacky, of London’s Essex Court Chambers.
Two weeks after Jacky uttered these words, the Information Commissioner’s Office announced a £98,000 fine for a criminal defence firm struck by a ransomware attack.
But cybersecurity has been the talk of the legal industry for some time – not least last year, says Jacky, when two chambers were reported to have been targeted.
Many solicitors’ firms reacted by drawing up questionnaires and sending them to chambers, she explains, in an attempt to gain reassurances that data was being stored securely.
Some of the questionnaires were between 80-100 questions long, which posed a massive challenge for those chambers without IT staff.
‘Whereas many of the large law firms have whole IT departments with five, six or seven members of staff, all specialists in their area, most chambers either have no-one, with everything being outsourced, or one or two internal people.’
As a result, for Essex Court Chambers and many others, answering the questionnaires took up ‘an inordinate amount of time and effort’, Jacky says.
Jacky Chase, Operations Manager at Essex Court Chambers
And it didn’t help that some of the questions were particularly complex.
‘Some of the terminology in the questionnaires was so technical that I didn’t understand the questions,’ Jacky recalls.
Now, however, Jacky believes a solution has been found – in the form of a simpler, standardised questionnaire.
The new form, containing a total of 24 questions, has been created by a cybersecurity working group set up by the Law Society and the Bar Council.
Jacky believes the questionnaire is ‘a vital tool in ensuring your chambers has taken all possible care in protecting its data’.
She adds that it should be easily used by everyone, ‘from a sole practitioner to large chambers’.
For those who fail to take cybersecurity seriously, there is potentially much at stake – Jacky describes the consequences as ‘huge’.
‘First of all, your obligation under GDPR is to keep your client’s data safe,’ says Jacky.
‘If you were to lose your client’s data, the fines – if it was decided it was your fault – could be endless.
‘The fines have got lots of noughts on the end. But, even more than that, your business’s reputation [gets damaged].
‘You’re in competition with all the other chambers and if your clients don’t feel their data is safe with you, they’ll go somewhere else.’
Although cybersecurity threats go beyond hackers, cybercriminals are certainly among the most menacing – and, it seems, the most mysterious.
‘I don’t think that most hackers are looking for anything in particular,’ says Jacky, who senses a ‘scattergun’ approach.
She says: ‘They’re not actually interested in the data. What they’re interested in is saying, “If I’ve got your data, I can charge you a lot of money to release that data. Not only do you not want that data going anywhere else; you need that data”.’
Giving staff proper training is one of the best ways that an organisation can stop its data getting lost or falling into the wrong hands.
‘The key thing is to make sure your people are aware of what cybersecurity is, why it’s important and why there are things that they should do and should not do,’ says Jacky, who believes training should be mandatory for everyone.
‘People are your weakest point. It’s someone clicking a link on an email [and getting hacked]. You see examples of it all the time.’
Social media is another dangerous territory, says Jacky, with scammers known to use platforms including Instagram.
‘Anywhere that you can impersonate someone could be [host to] cyber fraud,’ says Jacky. ‘If you can’t physically see someone, how do you know that they are who they say they are? Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
But cybersecurity is not only about protecting yourself against hackers and fraudsters.
‘It’s also about other things that can happen to your data,’ says Jacky. ‘It could be a flood, it could be a fire, it could be a power outage, it could be as simple as someone pressing the wrong key on the keyboard.’
Yet no matter how someone ends up losing their data, Jacky would ‘hope that somewhere there would be a back-up that you could use’.
‘It’s about keeping that data secure even if something outside your control happens,’ she says.
In terms of top tips on cybersecurity, Jacky suggests that the basics go a long way.
‘It’s making sure that people are using encryption, that people are using good passwords.’
More detailed steps will be laid out in the new questionnaire – set for release on 25 March – and advice is also available from the National Cyber Security Centre (NCSC), whose 10 Steps to Cyber Security forms the basis of the questionnaire.
‘Keeping your data secure is simply about knowing what data you hold, where it is kept and making sure you control access to it,’ says Jacky.
Recommending people to go through the questionnaire at least twice a year, she adds: ‘We can all think we’re secure until the day something happens.’
Andrew McQuarrie is Communications Officer at the Bar Council.
‘Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
As the operations manager at a leading commercial set, Jacky Chase knows a thing or two about keeping cybercriminals at bay.
‘You would have to be living the life of a hermit to not realise that cyber fraud is on the increase,’ says Jacky, of London’s Essex Court Chambers.
Two weeks after Jacky uttered these words, the Information Commissioner’s Office announced a £98,000 fine for a criminal defence firm struck by a ransomware attack.
But cybersecurity has been the talk of the legal industry for some time – not least last year, says Jacky, when two chambers were reported to have been targeted.
Many solicitors’ firms reacted by drawing up questionnaires and sending them to chambers, she explains, in an attempt to gain reassurances that data was being stored securely.
Some of the questionnaires were between 80-100 questions long, which posed a massive challenge for those chambers without IT staff.
‘Whereas many of the large law firms have whole IT departments with five, six or seven members of staff, all specialists in their area, most chambers either have no-one, with everything being outsourced, or one or two internal people.’
As a result, for Essex Court Chambers and many others, answering the questionnaires took up ‘an inordinate amount of time and effort’, Jacky says.
Jacky Chase, Operations Manager at Essex Court Chambers
And it didn’t help that some of the questions were particularly complex.
‘Some of the terminology in the questionnaires was so technical that I didn’t understand the questions,’ Jacky recalls.
Now, however, Jacky believes a solution has been found – in the form of a simpler, standardised questionnaire.
The new form, containing a total of 24 questions, has been created by a cybersecurity working group set up by the Law Society and the Bar Council.
Jacky believes the questionnaire is ‘a vital tool in ensuring your chambers has taken all possible care in protecting its data’.
She adds that it should be easily used by everyone, ‘from a sole practitioner to large chambers’.
For those who fail to take cybersecurity seriously, there is potentially much at stake – Jacky describes the consequences as ‘huge’.
‘First of all, your obligation under GDPR is to keep your client’s data safe,’ says Jacky.
‘If you were to lose your client’s data, the fines – if it was decided it was your fault – could be endless.
‘The fines have got lots of noughts on the end. But, even more than that, your business’s reputation [gets damaged].
‘You’re in competition with all the other chambers and if your clients don’t feel their data is safe with you, they’ll go somewhere else.’
Although cybersecurity threats go beyond hackers, cybercriminals are certainly among the most menacing – and, it seems, the most mysterious.
‘I don’t think that most hackers are looking for anything in particular,’ says Jacky, who senses a ‘scattergun’ approach.
She says: ‘They’re not actually interested in the data. What they’re interested in is saying, “If I’ve got your data, I can charge you a lot of money to release that data. Not only do you not want that data going anywhere else; you need that data”.’
Giving staff proper training is one of the best ways that an organisation can stop its data getting lost or falling into the wrong hands.
‘The key thing is to make sure your people are aware of what cybersecurity is, why it’s important and why there are things that they should do and should not do,’ says Jacky, who believes training should be mandatory for everyone.
‘People are your weakest point. It’s someone clicking a link on an email [and getting hacked]. You see examples of it all the time.’
Social media is another dangerous territory, says Jacky, with scammers known to use platforms including Instagram.
‘Anywhere that you can impersonate someone could be [host to] cyber fraud,’ says Jacky. ‘If you can’t physically see someone, how do you know that they are who they say they are? Don’t trust anyone. Question everything. There’s no such thing as a free lunch.’
But cybersecurity is not only about protecting yourself against hackers and fraudsters.
‘It’s also about other things that can happen to your data,’ says Jacky. ‘It could be a flood, it could be a fire, it could be a power outage, it could be as simple as someone pressing the wrong key on the keyboard.’
Yet no matter how someone ends up losing their data, Jacky would ‘hope that somewhere there would be a back-up that you could use’.
‘It’s about keeping that data secure even if something outside your control happens,’ she says.
In terms of top tips on cybersecurity, Jacky suggests that the basics go a long way.
‘It’s making sure that people are using encryption, that people are using good passwords.’
More detailed steps will be laid out in the new questionnaire – set for release on 25 March – and advice is also available from the National Cyber Security Centre (NCSC), whose 10 Steps to Cyber Security forms the basis of the questionnaire.
‘Keeping your data secure is simply about knowing what data you hold, where it is kept and making sure you control access to it,’ says Jacky.
Recommending people to go through the questionnaire at least twice a year, she adds: ‘We can all think we’re secure until the day something happens.’
Hot on the heels of a criminal defence firm being fined £98,000 after a ransomware attack, a new tool is about to be launched to help protect clients’ data. Andrew McQuarrie finds out more...
Now is the time to tackle inappropriate behaviour at the Bar as well as extend our reach and collaboration with organisations and individuals at home and abroad
A comparison – Dan Monaghan, Head of DWF Chambers, invites two viewpoints
And if not, why not? asks Louise Crush of Westgate Wealth Management
Marie Law, Head of Toxicology at AlphaBiolabs, discusses the many benefits of oral fluid drug testing for child welfare and protection matters
To mark International Women’s Day, Louise Crush of Westgate Wealth Management looks at how financial planning can help bridge the gap
Casey Randall of AlphaBiolabs answers some of the most common questions regarding relationship DNA testing for court
Maria Scotland and Niamh Wilkie report from the Bar Council’s 2024 visit to the United Arab Emirates exploring practice development opportunities for the England and Wales family Bar
Marking Neurodiversity Week 2025, an anonymous barrister shares the revelations and emotions from a mid-career diagnosis with a view to encouraging others to find out more
David Wurtzel analyses the outcome of the 2024 silk competition and how it compares with previous years, revealing some striking trends and home truths for the profession
Save for some high-flyers and those who can become commercial arbitrators, it is generally a question of all or nothing but that does not mean moving from hero to zero, says Andrew Hillier
