From the Professional Practice team: a forthcoming Law Society of Scotland guide will help solicitors to understand the risks associated with working digitally, and best practice in dealing with them
Cybercrime and information security have become high-profile risks, especially for professional firms. In the Law Society of Scotland’s technology audit, almost half of survey respondents believed that maintaining cybersecurity was a challenge for law firms in Scotland.
Cybersecurity is an issue that requires the attention of all of us and not just the IT experts. In this regard, the terminology used in this area is not always helpful. The use of the words “cyber” or “digital” prefixed before more familiar words can put people off. The terms cyber-threat, cyber-risk and cybersecurity are too often used as catch-all terms and, for many, “cyber” or “digital” is still an indicator of something that is high-tech rather than commonplace.
Other terms can be confusing. “Malicious software” becomes “malware”. A type of malware that shares information with others becomes “spyware”. The act of tricking people online becomes “social engineering” or “phishing”. The truth is that this is all about internet safety and data protection. These issues can be made very simple if the jargon is removed or explained. By knowing the issues and adopting best working practices, everyone can help to minimise the risks.
Cybersecurity is an important issue for the legal profession. That is why the Society’s Technology Committee has produced a guide to help demystify some of the issues and take a pragmatic look at the risks and what solicitors can do to combat them.
The guide, which will be launched over the coming months, will provide solicitors with a best practice foundation for firms. There will be links to other sources of good advice so that members won’t need to be IT experts to help improve their firm’s security. There will be some simple steps which can help make all the difference. The guide will also include details on the risks of failing to protect data adequately, including the reputational impact that such a breach could have on a firm’s business, client relationships and ability to win work.
It is essential for the profession to have confidence in its digital future. This means being aware of cybersecurity risks while embracing opportunities for growth; and being able to assess which threats could affect business goals, whilst building the agility and skills needed to deal with them as they arise.
It’s time we demystified cybersecurity.
Matthew Thomson is a senior solicitor in the Professional Practice team