Solicitors Regulation Authority (SRA) - People

Research shows that most cyberattacks target people. Cybercriminals use technology to deceive their targets into sharing confidential information and granting access to their finances. As a result, 60% of the firms visited considered their staff's knowledge and behavior to be their most significant potential vulnerability to cybercrime.

Surprisingly, the Solicitors Regulation Authority discovered that only about two-thirds of the staff in the firms visited claimed to be knowledgeable about cybersecurity and IT issues, with some senior figures unable to answer basic cybersecurity terminology questions. This lack of knowledge and awareness leaves companies vulnerable to cybercrime.

Establishing a culture of cybersecurity awareness relies on having effective policies and controls in place. However, during visits, the Solicitors Regulation Authority found that 11 firms had inadequate policies in place, while 10 had inadequate controls. In addition, 20% of the firms visited had never provided specific cybersecurity training to their staff, and over half did not keep records of who received such training.

The Solicitors Regulation Authority also evaluated the measures firms took to rectify the root cause of previous incidents to prevent similar occurrences. Most firms implemented appropriate mitigation measures, while the rest were still developing new procedures and controls. Although mitigation measures cost firms both time and money, the cost was usually less than the amount of money lost. This highlights that security measures not only fulfill regulatory requirements but also make practical business sense.

In conclusion, the SRA urge firms to invest in staff cybersecurity training and establish robust policies and controls to minimize their risk of cybercrime.

Don't wait for a cyber incident to strike. Take action today to safeguard your digital life. Stay one step ahead of the threats and enjoy peace of mind knowing that you're protected. Stay safe, stay secure!