Our cybersecurity self-assessment tool is designed for legal practices aiming to evaluate and improve their cybersecurity posture. It offers a straightforward assessment process that can be completed in approximately 15 minutes. All answers are fully anonymous. After going through the assessment, you will receive a downloadable report.
This report outlines the current state of your practice's cybersecurity measures, identifies potential areas of improvement, and suggests specific corrective actions to address these issues. The goal is to provide legal practices with clear, actionable insights to enhance their cybersecurity defenses effectively. Please answer all questions to the best of your knowledge.
What is the name of your practice? This is used for the purposes of creating your personalised cybersecurity assessment report. If you wish to remain anonymous, you can leave this field blank.
How many people work within your practice? (This includes lawyers and administrative staff)
2) Does anyone in your practice have specific responsibility for managing and maintaining all your IT? For example, your software, laptops, tablets, mobile phones and other devices?
3) Do you keep your practice devices and software up to date? This includes legal practice management software, computer operating systems and email/word processing tools (such as Microsoft Office).
4) Do you restrict who has access to administrator privileges on devices to limit what software can be installed?
5) How do you ensure your staff use secure and unique passwords to access their devices and accounts?
6) Do you and your staff use multi-factor authentication (MFA) to access all your critical or high value applications and accounts? MFA requires two or more proofs of identity to grant you access. An example of MFA is two-factor authentication (2FA), which is used for email services, cloud services storing sensitive information and banking services.
7) Do you understand what types of important or sensitive information you keep in your practice, which if leaked in a cybersecurity incident, could cause you (or other parties) harm? This could include documents storing client details or other personal information, bank account details or intellectual property.
8) Do you independently verify payment information prior to making payments to third parties?
9) Do you understand the legal and compliance obligations that may apply to your practice in relation to cybersecurity and handling sensitive information, such as any obligations that may apply under the Privacy Act 1998 (Cth)?
10) Do you have a process to regularly back up your important practice information, which includes testing your backups?
11) Do you take action to detect suspicious activity in your IT environment that might indicate a cybersecurity issue? For example, using antivirus software and/or having a managed service provider who monitors and manages your IT environment for you.
12) Does your practice have a plan for handling potential cybersecurity incidents (known as an incident response plan)?
13) Do you take steps to make staff aware of how you protect them against cybersecurity threats? For example, sharing articles on cybersecurity, face-to-face presentations or phishing exercises.
14) Do you securely configure your practice mobile phones, laptops and tablets?
Thank you for completing the assessment. Please wait a moment for your personalised assessment report to be generated.
If you have not had one already, consider booking a free Cybersecurity Practice Visit to learn more about the importance of cybersecurity in a legal practice.
You can find out more information about the Practice Visit Program here.