6 Important Questions Law Firms Should Ask Their Prospective Suppliers of New Software
When bringing on board new practice management software partners, or any new technology partners, there are many cyber security-related questions we’d highly recommend law firms ask. You cannot delve too deeply into a new supplier’s cyber security credentials. As we keep reiterating throughout this blog, these measures probably apply to law firms more than to most other businesses, purely because of the highly sensitive nature of the information they hold on behalf of clients. This, coupled with the high levels of cybercrime affecting the profession today, probably makes information security one of the most important items on any law firm’s checklist when signing up with a new IT/software partner.
The top 6 security questions we believe a law firm should ask of any prospective software or IT services provider are:
1. How secure is their datacentre for SaaS?
For firms going with a cloud solution, can your supplier prove they operate their SaaS solution (i.e. their cloud hosting) within an ISO 27001 certified datacentre? ISO 27001 is the international standard that stipulates best practice for an information security management system.
2. How seriously does the prospective supplier take information security?
Can your supplier prove THEY themselves are also ISO 27001 certified? Certification to ISO 27001 demonstrates that an organisation is following robust information security best practices. Some suppliers say they have ISO 27001 certification when in fact only their third-party datacentre has it. For belt-and-braces information security management, your supplier themselves should hold it too.
3. Ask for a penetration test report
Can your supplier present a recent penetration test report? Penetration testing (often referred to as pen testing) is the practice of testing a computer system, network or web application in order to find any vulnerabilities that could be exploited by a cybercriminal. Ask also whether the findings in the report have since been fixed.
4. Can you see an audit trail?
Do you have access to an audit trail within your practice management software? In other words, are you able to see whether users are accessing areas they shouldn’t?
5. Ask about security patching
Can your supplier demonstrate a robust security patching process within their SaaS infrastructure, for example for keeping up to date with Microsoft database security standards?
6. Ask about Cyber Essentials accreditation
Can your supplier prove they are Cyber Essentials accredited? Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security for organisations. The scheme is designed to help organisations protect themselves against cyber-attacks.
More Cyber Security Resources from Access Legal
- PDF Document: The Ultimate Guide to Cyber Security for Law Firms
- Webinar Recording: Access All Areas Panel Discussion on Cyber Security October 2021 – Cyber Security for Law Firms – the trends, the threats and the considerations.
- For help with your legal practice management software or digital learning and compliance, you can reach Access Legal on 0845 345 3300 or via our online enquiry form.
*Access Legal is the original source of this blog series: Cyber security for law firms.