New figures have revealed that the Information Commissioner’s Office (ICO) investigated 173 UK law firms for potential data breaches last year.
A total of 187 incidents were recorded, with 29% related to security and 26% related to incorrect disclosure of data.
Protecting confidential client information is one of the most essential requirements of any legal business, and firms must ensure confidentiality to comply with Principle 10 and Outcome 4.1 of the Solicitors Regulation Authority (SRA) Handbook. The SRA regulates solicitors and law firms in England and Wales, and provides a set of principles that law firms must abide by.
In a world where client information is no longer stored in filing cabinets under lock and key, but instead on mobile devices such as tablets, laptops and USB flash drives, and in the cloud, it is much more difficult for law firms to control, manage and protect client information.
It is only a matter of time before a high-profile law firm is breached and fined, resulting in clients looking elsewhere.
Timothy Hill, technology policy adviser at the Law Society, said firms needed to start taking cyber threats seriously. Failure to do so, he said, could not only result in direct financial loss but also reputational damage.
Many law firms are now implementing an ISO 27001-compliant information security management system to manage their sensitive information better, while also proving to their clients that they take information security seriously. In fact, four of the top UK law firms have achieved certification to the Standard, including DLA Piper, Clifford Chance, Linklaters and Allen & Overy.
ISO/IEC 27001:2013 is the international standard that describes best practice for an information security management system (ISMS). Accredited certification to ISO 27001 demonstrates that an organisation is following international information security best practices.
If you’re a law firm looking to improve cyber security within your business while gaining an internationally recognised certificate sought by many corporate firms, then IT Governance’s fixed-price ISO 27001 packaged solutions can help you achieve certification. Whether you want to implement the Standard yourself, need guidance or would like us to come in and take the project off your hands, we have the tools, training, resources and expertise on hand to find a solution that is right for your business.