Cyber Essentials Plus – A Case Study

The National Centre for Cyber Security (NCSC) has identified the legal sector as a top target for cyber criminals. According to the Solicitors Regulation Authority (SRA), £11 million was stolen by cyber criminals last year.  Fraudsters are now taking advantage of new vulnerabilities in systems introduced with the remote working revolution due to COVID.  As a result, every law firm now needs to take cyber security more seriously than ever before.

Rowlinsons Solicitors is a 60 strong award-winning legal firm based across two sites in Cheshire. The Rowlinsons team uses Cyber Essentials Plus accreditation to ensure they mitigate the risk of fraud, offering clients as much peace of mind as possible through the rigorous assessment and certification of the security of their IT systems.

Cyber Essentials Plus is a cyber-security process and accreditation recommended by Government experts, which ensures an organisation can identify vulnerabilities on all software and devices connected to the internet. Cyber Essentials Plus requires an independently verified network vulnerability scan to be conducted to certify security implementation to Cyber Essentials Plus level. At Lawyer Checker, our expert assessors audit firms and help them to address any issues before awarding certification.

Laura Taylor, Director at Rowlinsons Solicitors who is responsible for overall supervision of IT at the firm explains:

“At Rowlinsons, we have an innovative approach to technology and, like many law firms, we rely heavily on our systems and processes to provide a first class service to our clients.  If any aspect of our system is not operational, the interruption is immediately detrimental to the day-to-day smooth running of the organisation and the service which we deliver to our clients.  Therefore, it is of great importance to us that we maintain a secure environment to work within and a robust, up-to-date and reliable infrastructure.

“We initially achieved Cyber Essentials Plus for four years ago. However, we made the decision to employ Lawyer Checker for our latest assessment this year owing to the long-standing relationship with the team.  We feel that they have a proven track record of excellent customer service and understand the needs of the industry.

“We found the accreditation process simple and the team involved were just as efficient as we’ve come to expect this year, despite working remotely due to the COVID restrictions. We were provided with a key contact and given access to their online portal to complete the initial questionnaire, all of which was very straightforward and user-friendly. We then handed the process to our outsourced IT Support provider who liaised with the Lawyer Checker Team to co-ordinate the audit.

“The audit itself is performed in a strict and controlled manner to ensure that data protection is maintained at all times, following which we receive a full explanation of any remedial actions which may be required to achieve accreditation.

“Annual Cyber Essentials Plus accreditation contributes to the way in which we monitor and maintain the integrity of our environment and provides us with a recognised standard to which we work towards to ensure that all aspects of our environment remain secure.

“While online and cyber fraud remains prevalent within the legal sector, particularly with continued working from home arrangements, it is also imperative that we continue to educate our staff regarding the software we utilise and the importance of adhering to internal policies and procedures to ensure that they are able to identify any potential risk. Cyber Essentials Plus has enabled us to implement important internal processes and check that the same are being adhered to in this respect.

“The pandemic has dramatically changed our working environment and has added a further element of risk and Firms within the legal sector should ensure that cyber security is prioritised. Overall, we feel that the work which we undertake to achieve Cyber Essentials Plus compliance clearly demonstrates to our suppliers and clients the diligent and responsible approach we take to technology.”

Jack Knott, Client Relationship Manager at Lawyer Checker added,

“Fraudsters know that the new hybrid and home working culture has created even more opportunities for them to intercept conveyancing fund transfers.

“ This was evidenced in June this year – a record month for conveyancing, with over 200,000 transactions. At this time, the SRA issued a 125% increase in June 2021’s scam alerts compared to June 2020, which unfortunately spotlights the need for a rigorously tested cyber environment as a key part of a law firm’s cyber defence armour. Lawyer Checker understands the legal sector inside and out making us the ideal partner to deliver this accreditation for firms.”

Cyber Essentials is an accreditation scheme that is advocated by the UK Government’s National Cyber Security Centre (NCSC). It was created to help organisations of all sizes defend against 80% of the most common causes of cyber attacks.

The Cyber Essentials method is simple: manage five key security controls to defend your firm from 80% of the most common cyber attacks.


This article was submitted to be published by Lawyer Checker as part of their advertising agreement with Today’s Conveyancer. The views expressed in this article are those of the submitter and not those of Today’s Conveyancer.

Today's Conveyancer