Being a small firm is no guarantee that cyber criminals will not target your business, says QLS Special Counsel (Ethics) David Bowles.
So to assist firms in strengthening cyber resilience, the Queensland Law Society is offering a free member deal until 12 September – the SMB1001 Silver Certification subscription – in partnership with CyberCert and Cyber Wardens.
David said law firms had an ethical duty – and in many cases a statutory obligation – to take “reasonable steps” to protect the confidentiality of client information.
“We also have a strong practical imperative to keep our systems as secure as possible to prevent fraud and catastrophic damage to client relationships. There is no universal consensus on what those steps are – largely due to the diversity in size and resources between law firms,” David said.
“In addition to the general obligations, many organisations law firms deal with – insurers, clients and system providers such as courts and e-conveyancing platforms – require specific cybersecurity and data handling measures to be put in place. For us, Lexon’s cyber protocol and Pexa’s security requirements are likely to be the most immediate.
“The end result is a confusing mix of recommendations, requirements and best practice that are easy to put in the too-hard basket until that mythical day when there is more time to attend to such issues.
“Unfortunately, criminals won’t wait for that day and will use any weakness to find and exploit a hole in your security. Being a small practice is no defence.
“There are now hundreds of thousands of criminals around the world that specialise in attacking law firm data and the incidence is rising sharply.”
SMB1001 is an internationally recognised cybersecurity standard that has been developed specifically for small businesses.
CyberCert co-founder and CEO Ryan Ettridge said: “Certification is the proof that you’ve done something — and the CyberCert Silver ‘something’ covers 14 practical, proven controls that reduce the most common cyber threats to small businesses.
“That’s why insurers recognise it, and why it can lead to better policy offers and premiums.
“It’s a simple, affordable, and powerful starting point for QLS members — often handling sensitive client information daily. Silver helps translate cybersecurity from hope into proof.”
There are many advantages in using a recognised standard. These include:
- the ability to obtain a compliance certificate;
- more efficient use of your security dollar;
- enhanced access to insurance;
- a clear path for your IT support and security team; and
- a defensible position if queried after an incident.
Depending on practice area and firm size, there may be additional measures required, but SMB1001 certification is a cost-effective way to lay the foundations.
How do firms access practical cyber certification?
You can buy access directly from the certification body (prices ranging from $95-$595), or for a limited time, the certification subscription (up to Silver tier) is available for Queensland law firms without charge.
All practitioners need to do is have a staff member do a 10-minute online cyber safety course then supply the firm’s ABN to claim a voucher.
This offer is available through partnerships with Cyber Wardens (the training provider) and CyberCert (the certification and standard provider) using Commonwealth funding.
Once the voucher is registered, firms have up to a year to put the measures in place to qualify for a compliance certificate. There are extensive resources available from QLS and from CyberCert to assist.
For more information about the program and how to claim your free certification package, click here.
If you have any remaining questions, contact David Bowles on 3842 5937.

