Solicitors Regulation Authority (SRA) - Technology

Solicitors Regulation Authority (SRA) - Technology
SRA Findings - Technology

The review found that while most firms had introduced adequate and appropriate systems, some found this area confusing. Nonetheless, 93% of the firms visited confirmed they had firewalls in place, with more than half having firewalls round both individual devices and their overall systems. All firms visited confirmed that their laptops and devices were password-protected, with 25 of them requiring two-factor authentication from staff/clients when engaging in many day-to-day activities.

Technology - Security Monitoring

However, the Solicitors Regulation Authority did find some practices that could potentially make a firm's systems vulnerable. For example, over half of the firms allowed external data sticks to be freely used and plugged into their machines. Moreover, two firms used an old Windows operating system for which security updates had ceased in 2014, while 16 were using a system for which Windows support was due to end soon.

It is worth noting that cybercriminals exploit weaknesses in systems to gain unauthorized access. The best defense is to avoid the use of USB / data sticks, install updates known as "patches" as soon as they are released, and use the latest operating systems and browsers.

The Solicitors Regulation Authority were particularly interested in each firm's ability to respond to a catastrophic cyberattack. Finding some 68% of the firms visited had a disaster recovery plan in place. However, 15 of these firms stored the document on the same system that would be the target of any attack. In contrast, 19 firms had employed specialists to stress test their systems.

USB / data sticks - Avoid where possible.

In conclusion, firms need to implement the appropriate technological controls to minimize their risk of cybercrime. It is essential to avoid the use of USB / data sticks, install updates promptly, use the latest operating systems and browsers, and have a robust disaster recovery plan. Thank you for reading, and we hope you found this edition informative.

Don't wait for a cyber incident to strike. Take action today to safeguard your digital life. Stay one step ahead of the threats and enjoy peace of mind knowing that you're protected. Stay safe, stay secure!