7 Immediate Steps to Make Cyber Security a Key Part of Your Healthy ‘No-Blame’ Culture

Whilst human error is the cause of 95% of cyber-attacks / data breaches, we all need to recognise that well-informed, well-trained staff are a law firm’s best line of defence against cybercrime. So many horror stories are doing the rounds that it is understandable that staff are terrified of doing something wrong and causing catastrophic consequences for their employers. It is paramount that firms not only openly encourage their employees to share their concerns and experiences but also reward the right kind of behaviour to develop an open ‘no-blame’ culture. Nurturing a positive culture is clearly going to be key for the success of cyber security policies, and more importantly a key part of the bigger picture for the success of the profession.

We have captured some key takeaways from our recent webinars and panel sessions with law firms on cyber security and its place within a healthy workplace culture. Our top seven takeaways that we believe you will find most useful on this subject are:

1. Make cyber security a priority

If it is not, I am sure you know it should be. There is always something more pressing and urgent to take up your time. But no law firm can delay this step a moment longer. We urge you to put cyber security at the forefront of developing your law firm’s digital footprint rather than allowing it to be an after-thought. Enough said.


2. Think about learning styles to make your cyber security training stick

You don’t need us to tell you firms must provide quality training for their staff. It’s a no-brainer. But many of the law firms we talk to tell us that there is room for improvement in the way they train their people on cyber security, which of course can be a very dry subject and therefore difficult to engage with. Enabling employees to choose their preferred learning style through multiple training techniques including tests, quizzes, eLearning, games, videos, PDFs and audio stories will move your firm beyond the annual, tick-box training that has become typical for many organisations. If you adopt short, immersive and relevant training that is highly targeted and delivered little and often, the impact of your cyber security policies will increase considerably. If you need help in this area, Access Legal have a lot to offer.


3. Ramp up your communication to staff & join the dots for them

Again, communication is obvious. It has to become routine with staff. Let them know what’s happening regularly in the cyber security world. Don’t take anything for granted, especially when new cyber risks appear. Use stories and real-life incidents to bring the risks to life at home and work. Keep detailed notes of how you manage any cyber incidents and share them as and when relevant. Don’t assume that employees knowing what your security policies are will impact behaviours. Firms must join the dots for their employees, and make it crystal clear what is expected of them. Encourage your people to share their own stories to help build their awareness and confidence in doing the right thing.


4. Sit down today and consider the risks of taking on new staff & your leavers

Be rigorous in onboarding & offboarding personnel. There are so many risks with both. Give these areas the attention they deserve.


5. Double-check you are making the right backup choices

Make sure your backup procedure is fit for purpose – on-site/off-site, cloud vs server, high security vs fast recovery. A good practice management supplier will provide excellent advice on these matters.


6. Ensure your sign-off procedures are hyper-diligent

All the law firm execs we speak to at our cyber security events have put in place senior stakeholder sign-off procedures for sending and releasing funds – typically a minimum of two pairs of eyes for all amounts over £5k or an agreed nominal amount. We do not anticipate there are many firms today that don’t have hyper-diligent processes in place for this, but if you are not 100% comfortable with yours, the time to revisit them is now.


7. Revisit your position on cyber insurance

Consider what a specialist cyber insurance policy could offer either by speaking to your insurance broker or a specialist in the industry. Seek recommendations and references.



Cyber Security for Law Firms – in summary

The stark reality is that cybercriminals employ a range of ever-evolving tactics to bypass security controls to target employees and are becoming more sophisticated in their approach to breaking down barriers of entry. However, many law firms are surpassing the level of sophistication we are seeing from today’s cybercriminals by implementing solid cyber policies and procedures. If your firm is interested in a new legal practice management system, from a trusted ISO27001 legal software supplier, or you would like help with your digital learning and compliance for cyber security, please contact Access Legal today on 0845 345 3300 or online.

*Access Legal is the original source of this blog series: Cyber security for law firms.

Access Legal

Working in partnership with more than 3,500 UK law firms and underpinned by over 30 years of sector experience, Access Legal provides an unrivalled suite of complete software solutions. From case and practice management, finance, accounting and business intelligence to learning, compliance and HR – Access Legal helps firms take control of their time, improve efficiency and productivity. By providing software to manage every aspect of a firm’s operations, Access Legal enables ambitious firms to reach unlimited potential and have the freedom to focus on clients and people to drive profitability and growth.

Access Legal is part of The Access Group, a leading provider of business management software to mid-sized organisations. It helps more than 35,000 customers across commercial and not-for-profit sectors become more productive and efficient. Its innovative Access Workspace cloud solution transforms the way business software is used, giving every employee the freedom to do more. Founded in 1991, The Access Group employs more than 3000 staff.