This website uses cookies

We use cookies to improve your experience on our website. If you continue without changing your settings, we'll assume that you are happy to accept all cookies on the CLC website. You can change your settings at any time.

OK Show details

Necessary

Preferences

Statistics

Marketing

Show details

IT RESILIENCE AND RECOVERY

Businesses of all sizes now suffer cyber incidents. Law firms are no different. It is a matter of when, not if.

Firms need to understand just how dangerous and disruptive an attack can be - it's not just the incident itself but the recovery from it that has the potential to heavily disrupt client work and suck up huge amounts of management time, money and energy.

For these purposes, we expect that firms are keeping on top of their IT security. Your IT department/supplier should be continually monitoring the range of data protection options and counter-measures available.

The risk and impact of a cyber incident can be effectively reduced by segmenting, rather than separating, systems. You should deploy an

endpoint detection response tool to spot an incident, which will quarantine any device which has this problem detected.

You need to keep on top of awareness among staff and clients and test regularly to see if your systems can be penetrated in different ways.

Preparing for an incident

We have identified five issues to consider in preparing for an incident:

Ensure you have an internal incident response team with representatives from at least operations, IT and communications. Rehearse and simulate to test readiness in a live environment, map your digital

processes and maintain a separate list of customers so you can contact them if core systems are down.

Select specialist vendors of key services ahead of time: legal, IT forensic and public relations (it may be your cyber-insurer has a roster of these).
Have appropriate cyber-insurance, business interruption and response cover.
Carry out a mapping exercise to understand your regulatory obligations.
Are you prepared to pay a ransom? If so, in what circumstances and are there any barriers to doing so?

Name	Provider	Purpose	Expiry	Type
CookieConsent	https://www.clc-uk.org/	Stores the user's cookie consent state for the current domain	1 Year	HTTP

Name	Provider	Purpose	Expiry	Type
_ga	https://www.clc-uk.org/	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 Year	HTTP
_gat	https://www.clc-uk.org/	Used by Google Analytics to throttle request rate	Session	HTTP
_gid	https://www.clc-uk.org/	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	Session	HTTP

Name	Provider	Purpose	Expiry	Type
collect	google-analytics.com	Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.	Session	Pixel
GPS	youtube.com	Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.	Session	HTTP
VISITOR_INFO1_LIVE	youtube.com	Tries to estimate the users' bandwidth on pages with integrated YouTube videos.	1 Year	HTTP
YSC	youtube.com	Registers a unique ID to keep statistics of what videos from YouTube the user has seen.	Session	HTTP
r/collect	doubleclick.net	Unclassified	Session	Pixel

This website uses cookies

IT RESILIENCE AND RECOVERY

About

Consumers

Lawyers

Trainee Lawyers

Regulation