How we can help you in the fight against ransomware

Open letter on ransomware to the Law Society

Following the rise of ransomware attacks on law firms, and increase in ransomware payments being made, the ICO and NCSC published an open letter to the Law Society in July 2022.

In their letter, they asked us to:

• remind solicitors of ICO and NCSC advice on ransomware
• emphasise that payment of a ransom does not keep data safe and will not be viewed by the ICO as mitigating the risk of harm to individuals involved in a data breach

Our response

“We share the ICO and NCSC’s concerns about the costs of cybercrime, which is potentially underreported, and welcome the attention both organisations are focusing on addressing gaps in current practice.

“Cybersecurity has never had a higher profile for solicitors, nor has the important role they can play in responding to these risks.

“We support our members with a range of guidance and practice notes on cybersecurity, including on what they should do if they are the victims of scams (and how to avoid them), cloud computing, and the use of legal technologies in members’ practices.

“We also hold regular, well-attended webinars on cyber risks, and host regular blogs and opinion pieces on our website to underscore the importance of best practice.

“We do not advise members to pay ransoms, nor suggest that is what they should advise their clients.

“In promoting cybersecurity to our members, we link to and promote the excellent materials for risk analysis and continuity planning on the NCSC website, and the clearly drafted guidance on data protection law on the ICO site.

“In that vein, we would be happy to publicise the updated ransomware guidance and the ransomware hub highlighted in the ICO and NCSC letter through our various channels and we will ensure that we revise our practice notes and other material for members to reflect this advice.

“The close working relationship between the Law Society, Bar Council and the NCSC in the production of the IT questionnaire for instructing chambers has demonstrated what can be achieved by collaborative working.

“We would welcome the opportunity to meet with the ICO, NCSC and Bar Council to discuss further steps we might take and how we can continue to work together on this critical issue.”

Resources to help you better understand cyber risk and improve cybersecurity

• What to do after a cyber attack
  
• Protecting your firm if you fall victim to a scam
• Assessing ransomware risks: our information security questionnaire
• Cyber insurance for law firms
• Read the ICO’s updated ransomware guidance
• Visit the NCSC’s ransomware hub

Our commercial partners offer cybersecurity products and services to help members and their businesses.