What is Cyber Essentials and why does my Law firm need to have it?

If you are reading this article, there is a good chance you already know what Cyber Essentials is. For those who do not, Cyber Essentials is a UK Government-backed standard for business cyber security which helps you guard against the most common cyber security threats. In fact, experts believe that by adopting Cyber Essentials you can reduce the threat of cyber attack by up to 80%. That alone should be a good enough reason to sign up.

However, to reinforce its importance, the Law Society has incorporated Cyber Essentials into its recently published v6.1 release as a requirement for firms signed up to its popular Lexcel Standard.

So how do you go about becoming certified for Cyber Essentials?

Unlike some internationally recognised security standards such as ISO 27001, Cyber Essentials focuses on practical technical and operational measures rather than on compliance and paperwork. As such, it helps ensure that your system is set up and running so as to reduce the likelihood of a successful cyber attack.

For a small or medium-sized firm, this means that it is a perfectly achievable objective and, once in place, should be a relatively low overhead to maintain.

At its basic level, Cyber Essentials is a self-assessment. However, due to the technical nature of the controls, and the specific way in which they need to be applied, only someone familiar with the scheme should consider taking it on themselves. Once you have ensured your IT systems meet the standards required, you submit your assessment and, all being well, you should be issued with a certificate which will help you comply with Lexcel v6.1.

Cyber Essentials sounds great for reassuring your clients…right?

Kind of. Because Cyber Essentials at its basic level is well known to be achievable as a self-assessment, it carries less weight with commercial clients. If your firm mostly operates with private clients, this may not be a concern.

However, if your firm has a significant number of clients in the commercial sector, you should consider Cyber Essentials Plus. Whilst essentially the same standard, to obtain the Plus certificate your firm will need to be independently tested to ensure the technical controls are adequately enforced.

Where do you get started?

Even if your goal is the Plus certification, you will need to start with the standard Cyber Essentials. We strongly recommend employing someone with knowledge and experience of the standard to take you through it. Pro Drive provides several packages to guide you through the process and help you pass the assessment.

Call our Sales Team on 0330 124 3599 to find out more.

July 26th, 2018 | Compliance, GDPR, Security and Threats