How to Interpret and Action the Lawcover Cyber Risk Assessment Result


Introduction

Since January 1st 2018, LawCover has been providing cyber risk insurance for its insured law practices at no additional cost to its clients’ premiums. The policy provides crisis assistance and protection arising from cyber-attacks for losses up to $50,000.

Since the policy’s inception, law practices have notified LawCover of a range of cyber incidents. Law practices are being targeted by cyber criminals, and the incidents have mostly fallen into one of two categories: ransomware attacks and email-enabled impersonation fraud.

To help firms protect themselves further, LawCover has been providing educational materials and guides on understanding the risk factors, including its online Cyber-Risk Assessment.

Results Interpretation

The cyber-risk assessment is an online form that firm leaders can complete to receive a cyber awareness indication result. The result is a graphical representation, not an actual risk assessment result.

The results and tips aren’t specific; they provide a list of items to consider and action if they are not already implemented in the firm. The assessment also doesn’t offer specific recommendations or best practices for implementing more holistic cyber-security solutions, which leaves many firms reliant on a third party to analyse and interpret the results and make specific solution recommendations.

Taking Action

To take action on the results and tips, ServiceScaler has put together the guide below, which details how to implement or deliver each of the tips mentioned in the cyber-risk assessment results, broken down into the individual components requiring consideration.

| Category | Requirement | Recommendation* |
| --- | --- | --- |
| Software and Virus Protection | Antivirus | Webroot SecureAnywhere |
| | Network Protection | Sophos XG Firewall** |
| | Wireless Protection | Sophos Wireless** |
| | Web Protection | Sophos Secure Web Gateway** |
| | Email Protection | Sophos Email** |
| | Endpoint Device Protection | Sophos Mobile |
| | Multi-Factor Authentication | Duo MFA (Cisco) |
| | Security Patch Management Solution (all applications and security software) | ServiceScaler Device Agent (remote monitoring and automated patch application) |
| Backup | Software | Arcserve Backup |
| | Disaster Recovery Software | Arcserve UDP |
| | Backup Hardware (Onsite) | NAS/SAN/Storage Server |
| | Backup Hardware (Onsite/Offsite) | Portable Hard Drive |
| | Cloud Backup (Offsite) | Arcserve Cloud |
| | Disaster Recovery Testing (Automated, Zero Interruption) | Arcserve UDP |
| | Disaster Recovery Testing (Scenario Based) | Annual Disaster Recovery Exercise Plan |
| Payment Processes | Confirm Payment Instructions | Two-step, dual-mechanism confirmation of payment details (e.g., Letter + Phone, Email + Meeting) |
| | Confirm Payment Details Change | Three-step, tri-mechanism confirmation (e.g., Letter + Phone + Email) with acknowledgement |
| Education | Policies | Develop and implement SOPs for firm technology users to mitigate cyber-risks |
| | Awareness | Reminder emails; discussion item at team meetings |
| | Education | Regular workshops with staff that demonstrate cyber crime attack vectors, what to look out for, and how to handle a potential event |
| Control | Passwords | Set regular password reset policies for all users |
| | Vendor Access | Provide supervised and temporary access to digital systems only |
| | Data Security | Disable or limit the ability for staff to transport any firm data via non-encrypted mediums (i.e., USB, mobile devices, personal emails or storage software) |
| Planning | Disaster Recovery Plan | Develop a disaster recovery plan |
| | Business Continuity Plan | Develop a business continuity plan |
| | Risk Assessment | Regularly complete and update your internal cyber risk assessment, which should include both risk areas and consequences in case of an incident |

*Or equivalent

**Can be bundled as a Unified Threat Management appliance such as Sophos XG UTM

Summary

Given the ever-increasing risk of cyber vulnerability, firms must ensure that they are aware of the risks and have a considered strategy to mitigate them.

At ServiceScaler, we assist legal firms not only to identify the risks, but also to put in place practical and functional solutions that address them.

To find out how ServiceScaler can assist you to reduce your firm’s cyber-risk, please contact us to speak with one of our legal IT specialists today.



Contact us here - or call us on (02) 9146 6339

