Cyber Security, legal IT | 10 July, 2019

Are you Cyber Essentials ready for your next Lexcel audit?

"Cybercrime is a near-constant threat to law firms." This is something we are now all far too used to hearing. But it is true, and because of this increased risk, good cyber security is now necessary to achieve Lexcel accreditation. Smart advances in cyber-attacks mean that staying up to date is certainly the first line of defence.

The nature of the information Law firms hold mean they become attractive targets for cyber-attacks. The risk outlook 2018/19 report by the SRA found that cybercrime has risen 52% against law firms in recent years. This included crimes such as email modification fraud, phishing and malware, among others. All of which can pose devastating consequences for the company and their reputation. When cyber-attacks are successful, firms can lose access to their technology systems, have funds stolen, and suffer data breaches.

This threat has been recognised to the point that the popular Lexcel scheme now requires its members to show basic cyber security to achieve accreditation. An increased reliance on technology means that firms need to continually add new safety measures to prevent attacks.

The latest revision of the Lexcel standard, now states that “Practices must have an information management and security policy and should be accredited against Cyber Essentials.” Granted, this is not a direct requirement to achieve accreditation, but it does make it clear that Cyber Essentials ensures the necessary requirements are met for minimum cyber security levels.


What is Cyber Essentials?

Cyber Essentials is a government backed scheme. The purpose of which, to help organisations guard against the most common cyber-attacks. Designed to be size agnostic, Cyber Essentials allows firms to ensure they are meeting the minimum requirements to maintain IT security. At its most basic level, Cyber Essentials consists of a self-assessment. Your firm completes the questionnaire, which oversees what measures are currently in place. This is then verified by a certification body to confirm if the standard has been achieved.


Why is Cyber Essentials important?

Cyber Essentials lets everyone know that you’re taking cyber security seriously. Most cyber-attacks are actually very basic in nature. Having a few measures in place can set the groundwork to prevent these attacks from being successful.

It also shows that you’ve got the structure in place to keep information secure. This includes simple IT protections including firewalls, patch management and user access control. Though simple, each method is highly effective at preventing cyber criminals from succeeding.

By taking cyber security seriously, you show a commitment to ensuring the best for your customers. Your reputation can be boosted, with a knock-on effect on business too.


How can you get Cyber Essentials?

As mentioned, Lexcel accreditation now advises that Cyber Essentials should be gained. There are 2 forms available, both of which can be supported by Oosha.

The first is the basic level of Cyber Essentials. This consists of the self-assessment questionnaire. Cyber Essentials Plus has the added element of internal vulnerability testing. This looks at the current systems in place as well.

Working alongside a tech company can highlight issues which may prevent successful application. It can also make it easier to work to resolve these, so a pass is achieved. 


Posted by Matthew Newton

Related articles

Securing the legal hybrid working experience
Cybercrime has been a thorn in the side of businesses for years now, but the move towards remote and hybrid working has made things a whole lot worse.
Case study: Clarkson Wright & Jakes Solicitors
Law firms face daily pressures in dealing with detailed documentation that must not only be in the correct formats, but that also must be fully
How to get your partners on board with cyber security
In the typical law or accountancy firm, it’s always the partners who are looked upon to spearhead change and keep the practice moving forward with

Prepare your firm for the future of work. Register for a demo today.