How can I protect client information from cyberattacks?
“I’m a sole practitioner and often work remotely using a password-protected personal laptop. I use a case management system so client-sensitive information is stored securely and confidentially. For client-related work, an IT company provides an expensive remote server accessed by a portal. Is a remote server essential?”
Our guide on cybersecurity for solicitors indicates “the level of security (or protection) you need for your data depends on the risks involved in your processing”.
The section on cloud computing outlines the benefits of having this service from a third-party supplier:
“data is stored on remote servers and accessed through the internet instead of your computer’s hard drive. These servers are managed by a third-party supplier, who’s also responsible for the security of the data it holds.”
Standard professional indemnity insurance does not cover “your costs and losses if you experience a data breach or cyberattack”.
You should discuss the cybersecurity issue with your professional indemnity insurer to check their requirements and the cover available.
If you are to keep all your data on one laptop, you will need to mitigate the risk of theft, loss or failure of the laptop, so it may be prudent to have a remote server.
For more information, see our guide on cybersecurity for solicitors and practice note on cloud computing.
Disclaimer
While every effort has been made to ensure the accuracy of the information in this article, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept any responsibility for liabilities arising as a result of reliance upon the information given.
Have you got a practice question?
Call the Practice Advice Service on 020 7320 5675 or email practiceadvice@lawsociety.org.uk.
The Practice Advice Service is staffed Monday to Friday from 9am to 5pm.