How to avoid a £60,000 fine...

Especially if you're a law firm!

Recently a Merseyside law firm was fined £60,000 by the ICO after they had been hacked, because they couldn't evidence that they had put in place appropriate security controls. That's why ISO 27001 and LOCS:23 are so important.

What does this mean to you?  It means you need to think about security BEFORE the cyberattack occurs.  Because when you think about it, the cost to this law firm was far higher than £60,000.

Costs include:
  • Fixing the damage the cybercriminals caused
  • Improving their security
  • Paying claims for damages

All of these were costs before the ICO landed them with a £60,000 fine.

But what about you?
What can you do?

The key term to keep in mind here is "appropriate security and organisational controls".  In brief it means thinking about:

  • People
  • Premises
  • Processes
  • PCs
  • Providers

Think about where you might be vulnerable in these areas; closing the gaps you find will help you implement 'appropriate' controls.  It also reduces the cost to you, because you spend money where it's needed.

How can you do it effectively?
I would suggest you use security management systems like ISO 27001 or LOCS:23.
 
Firstly, it's important to say that we help law firms assess their security and data protection against LOCS:23, and we help anyone with ISO 27001.
 
Let's look at LOCS:23 for law firms first.

LOCS:23 stands for Legal Services Operational Privacy Certification Scheme.  
 
It’s a GDPR compliance certification standard specifically designed for legal service providers, such as law firms, barristers' chambers, in-house legal teams, and their vendors or processors—including software providers, infrastructure providers, and consultants—who handle client personal data.
 
The scheme was approved by the UK's Information Commissioner’s Office (ICO) in February 2024 under Article 42 of UK GDPR, enabling organisations to demonstrate compliance through a recognised certification.
 
It's worth looking into if you're in the legal sector, and at the very least knowing about if you support that sector.

ISO 27001 is an information security management system that helps any organisation improve its security.  There's a lot to it, so simply keep in mind that it is a risk-based management system and focuses on the areas already mentioned above.  Any business would benefit from ISO 27001:2022, but law firms especially need to consider it carefully if they are to prove they're taking security seriously.
 
Consultants Like Us know the requirements of both ISO 27001 and LOCS:23 and can steer you towards certification, so you can prove to your clients that their trust in you is built on a solid foundation.
 
As ever, if you need help with this or any other standard related to Information Security, Cyber Security and Privacy please get in touch.
 
Info@consultantslikeus.co.uk
Published by
Consultants Like Us