Securing your legal firm’s future free government funding for Cyber Essentials Plus

With the top three most common cyber-attacks being:

• Phishing – when cybercriminals use scam emails, texts, or phone calls to trick their victims into clicking on a link containing malware or revealing their personal information.
• Business Email Compromise – a form of phishing where a cybercriminal targets a senior executive into transferring funds or revealing sensitive information.
• Ransomware – a type of malicious software that prevents you from accessing your computer or data stored on your computer.

The good news is that the National Cyber Security Centre (NCSC) has launched the fully Funded Cyber Essentials Programme to help specific sectors that are at high risk of a cyber-attack, at no cost.

What is the Cyber Essentials Accreditation?

Cyber Essentials is a simple and effective Government-backed scheme, supported by industry experts and the Cyber Resilience Centre Network.

Cyber Essentials will help you put measures in place to protect your organisation, against a range of the most common cyber-attacks. This includes protecting against threats such as malware, ransomware, and phishing. Read more here.

Why do Legal Firms need Cyber Essentials?

The legal sector is an increasingly targeted industry for cyber attackers due to the sensitive and confidential information that the industry handles, including client data, financial information, and legal documents. This information is highly valuable to cyber attackers, who can use it for financial gain or to carry out other malicious activities. With the increasing use of technology in the legal industry, the risk of cyber-attacks has become even more pronounced.

Cyber Essentials can fully or partially mitigate up to 99% of common cyber-attacks. Meaning if you meet the Cyber Essentials standard you are less likely to fall victim to a cyber-attack yourself and you will be able to reassure your customers and trustees that you have recognised the threat, risks and have taken proactive steps to minimise the impact.

Funded Cyber Essentials Programme

All modern businesses are susceptible to cyber-attacks, however, certain organizations face a heightened risk, whether it’s due to the possession of sensitive information or being perceived as an effortless target by cybercriminals.

To address this issue, the National Cyber Security Centre (NCSC) has established the Funded Cyber Essentials Program, specifically targeting the most vulnerable sectors. This initiative aims to provide vulnerable organisations with help to implement baseline security controls to prevent the most common types of cyber-attack.

The scheme is designed to lead an organisation through the technical controls required to achieve Cyber Essentials certification, followed by the audit for Cyber Essentials Plus. No previous cyber security certification or experience is necessary.

How do I qualify for the Funded Cyber Essentials Programme?

To qualify for this scheme, your organisation must be: a micro or small business (1 to 49 employees) that offers legal aid services.

Applying organisations must also meet the following criteria:

• Has not previously participated in the NCSC Funded Cyber Essentials Programme.
• Does not currently hold Cyber Essentials Plus (CE+) certification, has not been awarded CE+ certification since May 2022 and is not currently in the process of applying for CE+ certification.

If your business or organisation meets the above criteria and you wish to express an interest in the Funded Cyber Essentials Programme, please visit the website of the NCSC’s Cyber Essentials partner, IASME, where you can register your interest.

Further Guidance and Support

Here at the ECRC, we would recommend taking the following proactive steps to enhance your cyber resilience and protect your organization from potential cyber-attacks:

1. Check your current security standard using the free Cyber Essentials Readiness Tool. The Readiness Tool is an interactive set of questions that addresses various parts of your organisation’s security. A step-by-step action plan is tailored to your requirements based on your answers to the questions.
2. Join our community at the Eastern Cyber Resilience Centre; it’s totally free. We can talk to you about your cyber resilience and can offer guidance to free tools that you can implement straight away.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn’t ongoing

Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime.

You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.