Best practice for law firms

There are steps you can take to protect your firm from a cyber attack.

General safety

  • Use a firewall to secure your internet connection
  • Protect all devices with antivirus software
  • Keep IT systems up to date with regular patching
  • Encrypt mobile devices and install a system that can wipe them if they are lost
  • Back up important information regularly
  • Avoid giving out admin accounts (able to access other accounts and install software) or access to payment systems unless necessary

Review your assets

You should regularly review:

  • your financial and information assets, for example payment systems and IT equipment
  • who has access to assets and how they are stored
  • your firm’s policy on cybersecurity, appointing someone to oversee the policy

Introduce safety measures – for example, make sure there are clear processes and reporting lines across your firm for handling money. Check regularly that your measures are working as expected.

Make a response plan

You may want to have a plan in place for what to do if there is a cyber attack. It can include:

  • who staff should alert if there is an attack
  • actions to take to stop the attack if it’s still happening
  • how to reduce damage afterwards

Read our practice note on business continuity. It explains business continuity management so you can handle your client’s business if something goes wrong.

Train your staff

Make sure your staff understand how to:

Staff should avoid:

  • changing payment details or making payments without thorough checks
  • opening email attachments without knowing who or where they’re from
  • connecting personal devices, for example memory sticks, to your network
  • downloading unsafe apps or browsing on unsafe sites

Get certified

Certification helps you and your practice demonstrate expertise to your clients.


Reporting an attack

You can report an attack to:


Read more about reporting an attack

Cybersecurity Information Sharing Partnership (CiSP) run by the NCSC – discuss cybersecurity with peers and get alerts

National Cybersecurity Centre – small business guide: cybersecurity – how to improve cybersecurity within your organisation quickly, easily and at low cost

National Cybersecurity Centre information Security – good practice for information security

National Cybersecurity Centre – 10 steps to cybersecurity

> Next section: Cybersecurity and GDPR

> Back to contents list

Cybersecurity news digest

Stay up to date with all things cyber with our weekly cybersecurity and GDPR newsletter.


key lock
International data transfer

Learn in this one hour webinar more about data transfer, adequacy decisions, EU/US Privacy Shield

International data transfer > More