
Lecture by Kate Burt on Compliance and Cyber Security

Jun 23, 2024

Notes from Lecture by Kate Burt

Introduction

  • Kate Burt: Founder of HighRisk.co.uk
  • Experience: Over 20 years as a solicitor, advises law firms, real estate, and reg tech
  • Emphasis on compliance strategy & innovation

Importance of Education

  • Educate Staff: Vital for compliance and security
  • Educate Clients: Clients are often targeted; include education in retainer documents, email footers, and conversations
  • Phishing Threats: Major concern (50% of cybercrime reported to the SRA)

Insights from the SRA Cyber Security Report

  • Phishing Scams: Main threat, targeting client emails and attempting fund diversion
  • Conveyancing: Main target, but attacks are expanding to other sectors as awareness rises
  • Voice Impersonation: Increasingly sophisticated attacks using caller ID spoofing and voice synthesis
  • Ransomware: Critical threat, can cripple firms and expose sensitive information

Understanding Data Breaches

  • Definition: Breach of personal data security via unlawful destruction, loss, alteration, unauthorized disclosure, or access
  • Types of Data: Personal data (e.g., credit card numbers, IP addresses)
  • Sensitive Data: Includes medical data, requiring stricter protections
  • Human Error: Common source of breaches (e.g., misplaced items, sending emails to wrong addresses)
  • Natural Disasters & Malicious Attacks: Also significant causes of data breaches

Data Protection Principles

  • Seven Principles: Focus on integrity and confidentiality (security principle)
  • Key Areas:
    • Confidentiality: Prevent unauthorized access
    • Integrity: Prevent unauthorized modification
    • Availability: Ensure resilient access to data

Control Areas

  • Technical:
    • Firewalls, antivirus, two-factor authentication
  • Physical:
    • Secure filing, office locking, alarms
  • Personnel:
    • Proper screening, access controls
  • Procedural:
    • IT security policies, GDPR policies, data mapping

Preventative Measures

  • Plan & Monitor: Develop a plan, implement it, and regularly monitor
  • Constant Review: Keep practices updated due to rapid changes

Promoting Compliance Culture

  • Top-Down Leadership: Leaders set examples
  • Share Learnings: Openly discuss near misses and mistakes
  • Data Champions: Appoint within firm
  • Regular Training: Continuous and annual
  • Security Frameworks: Cyber Essentials, Cyber Essentials Plus, NIST framework

Resources for Further Information

  • Law Society Resources: Links to extended information
  • ICO Website: Comprehensive resource for data security regulations

Conclusion

  • Stay Informed: Visit relevant resources and connect on LinkedIn for updates