Device management and disaster recovery are now covered in an updated questionnaire produced by the Law Society and Bar Council to help law firms assess the cybersecurity arrangements of the chambers and barristers they instruct.

The questionnaire, introduced two years ago, contains 35 questions focusing on central services that chambers might provide to barristers and staff.

Following feedback, the form has been updated to include questions on disaster recover, business continuity, incident management, and data and device management. The questionnaire also contains greater emphasis on protection against phishing, identifying vulnerabilities and penetration testing.

For instance, the questionnaire asks if chambers conduct phishing or spam simulation threats at least twice a year and how access to their systems is secured on devices owned by their self-employed barristers. 

cybersecurity 390x234

The Society and Bar Council have also created a voluntary, non-legally binding cyber and information security affirmation, which can be used by solicitors and barristers to define and agree specific roles and responsibilities.

Society president Nick Emmerson said: ‘Law firms and chambers are targets for the ever-growing threats from cyber criminals. We know that no one tool can offer complete protection against cyber threats, but this updated questionnaire will help reassure clients that data is kept as secure as possible. Firms will need to continue to take other precautions, but the development of the questionnaire is an important step in the right direction.’

The updated questionnaire comes as London set Brick Court Chambers confirmed on Thursday it was investigating a potential cyber incident.

A spokesperson for Brick Court said: 'We are aware of a potential cyber incident and we are actively working with external cyber specialists to investigate the extent of any data breach. Chambers remains fully operational and we are taking all necessary steps to secure our systems. At this stage of the investigation it is not clear whether client data has been impacted. We are investigating this matter as a matter of urgency.'