Cyber Security awareness in the legal profession in Scotland

I have been working with the legal profession for more than ten years in Scotland, and I was surprised to see the lack of awareness of cyber threats and basic cyber hygiene in law firms. There was a large gap in the understanding why a law firm is a primary target of cyber criminals, as well as understanding things like Digital Evidence.

The data breaches of law firms like Mossack Fonseca (Panama Papers) and Appleby’s (Paradise Papers), started creating awareness in the profession worldwide.

I have to say, and not many people actually know about it today (something about not reading a lot of history!) but the Law Society of Scotland was in the forefront of data protection in the UK and the world. This story goes back to 1984 when the Parliament received a request to examine “the applicability and effectiveness of the criminal law in Scotland in relation to the use and abuse of computers …”.

At the time the UK Parliament did not see the need of any changes in the legal system, as all of this was “alleged application” of “wizardry” by so called “hackers” !

As a matter of fact, things like “Denial of Service” and access had been predicted, but the legislators did envisage an eventuality where this would be realised.

Now Scotland is moving ahead in its game and the Law Society of Scotland is leading the way to create awareness in the legal profession.

When I joined The Cyber Academy at Edinburgh Napier University, I knew that Prof Bill Buchanan OBE, was already a speaker in the LSoS conferences. But in the last two years our engagement with the Law Society of Scotland had been taken to a new level. We were both invited to speak to conferences, seminars, data protection roadshows and any other event that could accommodate a cyber security scheme. Both myself and Bill were invited to become members of Society’s Accredited Legal Technologist Advisory Panel.

We started our discussions with the Society last year, in order to deliver CPD training on their behalf, in the field of cyber security and digital evidence. Soon the conversation turned to the society’s new Cyber Security Certification.

Although this week’s inaugural course was postponed due to force majeure (namely COVID-19), the scheme stays alive and solicitors can still contact the Law Society of Scotland to express interest and be informed of all rescheduled classes. As I was informed, the registrations for the first classes were already meeting and exceeding expectations.

It is a very positive sign to see the legal profession engaging cyber security issues, and for their professional body to lead the digital transformation in the profession.

If you are a solicitor, I would advise you to click on the link below and check out the curriculum of the certificate. There is no question if this course is for you. It is! And if you are a small firm or a small practitioner it is even more relevant to you.