Legal aid firms offered free, government-backed cyber security support
Guest post from Richard Hughes, Head of Technical Cyber Security at A&O IT Group
The Institute of Legal Finance & Management (ILFM) is known for protecting its members and member firms regarding client money training and helping law firms that are high-risk for cyber-attacks.
Between now and March 2023, a government-backed Funded Cyber Essentials Certification Programme is offering some small legal aid firms free practical support to help put baseline cyber security controls in place.
Cyber Essentials Plus support and certification can cost organisations circa £3,000 but this programme gives eligible legal firms support from the nation’s leading experts at no cost.
The programme is being run by the National Cyber Security Centre – a part of GCHQ, in conjunction with IASME and funded by the government. The support and certifications are being delivered via approved UK cyber security organisations, including ourselves.
Who is the support for?
The programme’s support and current offer is available to small businesses and practices that offer legal aid to its clients, as well as micro or small charities that process personal data.
These smaller firms are often seen as high-risk for cyber-attacks owing to the sensitive information they handle.
To qualify for this programme, the organisation must either be:
- a micro or small business (1 to 49 employees) that offers legal aid services
- a micro or small charity (1 to 49 employees excluding volunteers) that processes personal data, as defined under GDPR
Elaine Pasini, Head of Communications, at the Institute of Legal Finance & Management (ILFM), spoke with the team and I here at A&O IT to ask about our knowledge when it comes to robust law firm IT security integrations. We wanted to ensure that all ILFM members working (in this specific scenario of Legal Aid) were aware of this free government-backed initiative.
What is Cyber Essentials?
Cyber Essentials is a government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks. In 2022, more than 31,000 Cyber Essential and Cyber Essentials Certificates were issued.
What do approved organisations receive?
Eligible organisations will receive free support from a Cyber Essentials assessor to help implement the technical controls. This will be followed by hands-on verification that the measures are in place, with a view to the organisation achieving Cyber Essentials Plus certification.
Sarah Lyons, NCSC Deputy Director for Economy and Society Resilience said:
“Charities and legal aid firms do incredible work supporting vulnerable people when they need it most, and that’s why it is vital they take steps to protect sensitive data.
The new Funded Cyber Essentials Programme is a great opportunity for small organisations to gain free assistance with putting key cyber security protections in place.
I strongly encourage organisations to register so they can boost their cyber resilience and help reduce the chances of falling victim to a potentially damaging cyber attack.”
Dr Emma Philpott MBE, CEO of the IASME Consortium which delivers the programme for government, said:
“The Funded Cyber Essentials programme is aimed at some of the smallest and most vulnerable organisations in the UK. It is designed to encourage and support them to implement the minimum cyber security technical controls."
Next Steps for Legal Aid Firm Security?
A&O IT Group is a cyber security consultancy working alongside The National Cyber Security Centre and IASME to deliver this fully funded campaign.
For more information or to register your interest, please visit our dedicated website page here.
Richard Hughes, Head of Technical Cyber Security at A&O IT Group
By day Richard Hughes is the Head of Technical Cyber Security at A&O IT Group where he leads a team of expert cybersecurity professionals who keep their customers secure one ethical hack at a time. By night Richard continues his passion for cyber security and can often be found reverse engineering IoT devices or creating hardware-based gadgets for future assessments. Richard has a wide range of cyber security experience spanning over 20 years.
Comments