Skip to main content

How to Interpret and Action the Lawcover Cyber Risk Assessment Result

Given the ever-increasing risk of cyber vulnerability, firms must ensure that they are aware of the risks, and have a considered strategy to mitigate the identified risks.

Cybersecurity Legal Tech
4 min read By Rob Dawson

Introduction

Since January 1st 2018, LawCover has been providing cyber risk insurance for their insured Law Practices at no additional cost to their client’s premiums. The policy provides crisis assistance and protection arising from cyber-attacks for losses up to $50,000.

Since the policy inception, law practices have notified LawCover of a range of cyber incidents. They are being targeted by cyber criminals, and incidents have mostly fallen into one of two categories being Ransomware Attacks, and Email-Enabled Impersonation Fraud.

To assist firms to protect themselves further, LawCover have been providing educational materials and guides on understanding the risk factors, including their online Cyber-Risk Assessment.

Results Interpretation

The cyber-risk assessment is an online form which firm leaders can complete to be provided with a cyber awareness indication result. The result is a graphical representation, not an actual risk assessment result.

The results and tips aren’t specific, but provide a list of items requiring consideration and action if they are not already implemented in the firm. It also doesn’t offer specific recommendations, nor best practices for implementation of more holistic cyber-security solutions, leaving many firms in a position where they need to rely on a third party to analyse, interpret, and make specific solution recommendations to firms.

Taking Action

To take action on the results and tips, ServiceScaler has put together the below guide with details on how to implement or deliver each of the tips as mentioned within the cyber-risk assessment results, broken down into individual components requiring consideration.

CategoryRequirementRecommendation*
Software and Virus ProtectionAntivirusWebroot SecureAnywhere
Network ProtectionSophos XG Firewall**
Wireless ProtectionSophos Wireless**
Web ProtectionSophos Secure Web Gateway**
Email ProtectionSophos Email**
Endpoint Device ProtectionSophos Mobile
Multi-Factor AuthenticationDuo MFA (Cisco)
Security Patch Management Solution (All applications and security software)ServiceScaler Device Agent (Remote monitoring and automated patch application)
Backup SoftwareArcserve Backup
Disaster Recovery SoftwareArcserve UDP
Backup Hardware (Onsite)NAS/SAN/Storage Server
Backup Hardware (Onsite/Offsite)Portable Hard Drive
Cloud Backup (Offsite)Arcserve Cloud
Disaster Recovery Testing (Automated, Zero Interruption)Arcserve UDP
Disaster Recovery Testing (Scenario Based)Annual Disaster Recovery Exercise Plan
Payment ProcessesConfirm Payment InstructionsTwo-step, dual mechanism payment details confirmation (Eg, Letter + Phone, Email + Meeting)
Confirm Payment Details ChangeThree-step, tri-mechanism confirmation (Eg, Letter + Phone + Email) with acknowledgement
EducationPoliciesDevelop and implement SOP’s for firm technology users to mitigate cyber-risks
AwarenessReminder Emails, Discussion Item at Team Meetings
EducationRegular workshops with staff which demonstrate cyber crime attack vectors, what to look out for, and how to handle a potential event.
ControlPasswordsSet regular password reset policies for all users
Vendor AccessProvide supervised, and temporary access to digital systems only
Data SecurityDisable or limit the ability for staff to transport any firm data via non-encrypted mediums (Ie, USB, mobile devices, personal emails or storage software)
PlanningDisaster Recovery PlanDevelop a disaster recovery plan
Business Continuity PlanDevelop a business continuity plan
Risk AssessmentRegularly complete and update your internal cyber risk assessment which should include both risk areas, and consequences in case of incident

*Or equivalent

**Can be bundled as a Universal Threat Management Appliance such as Sophos XG UTM

Summary

Given the ever-increasing risk of cyber vulnerability, firms must ensure that they are aware of the risks, and have a considered strategy to mitigate the identified risks.

At ServiceScaler, we assist legal firms to not only identify the risks, but provide practical and functional solutions to address these risks.

To find out how ServiceScaler can assist you to reduce your firms cyber-risk, please contact us to speak with one of our legal IT specialists today.

Want to discuss this topic?

Book a free consultation to talk about how these ideas apply to your organisation.

Get in Touch