LawGuard Cyber Risk Assessment

1. Company and Contact Details


1. Please provide your firm name (as it is registered with Companies House) *


2. Please provide your Companies House registration number *


3. Please provide your firm address (as it is registered with Companies House) *


4. Please provide your firm trading address *


5. Authorised Signatory Name *


6. Contact Email Address *


7. What is your website address? *


8. What is your business type *


9. Please provide a brief description of your main areas of law *


10. What is your annual fee income? *


11. How many fee earners are in your organisation? *


12. How many non fee earning staff are in your organisation? *


13. How many locations are there where your staff spend most of their time? *


14. Are you an authorised ABS *


15. Who is responsible for managing the Information Systems in the scope of this assessment? *


16. How many locations are there where your company controls an internal network in that office? *


17. How many locations are there where your company has a rental (or equivalent) contract to work there (e.g. managed office or hotdesk) but uses a network which it does not control? *


18. Who controls the network in those contracted offices?


19. Have you outsourced your network administration to an external supplier *


20. How many staff regularly work from home? *


21. Do you use a public cloud provider/data centre (e.g. Google Drive, Dropbox etc. ) or a contracted data centre provider to store or share files and information between employees? *


22. When was the last time you had a vulnerability scan on your network? *


23. Do you use firewalls to protect your systems and devices from outside threats? *


24. Have you installed anti-malware software on all your computers and laptops in scope? *


25. Have you installed anti-malware software on all mobile devices used for business purposes? *


26. Do you have a process for regularly patching software? *


27. Do you have a current Risk Assessment?

When considering the various risks to your organisation, such as loss of cashflow, reputation and so on, you should include the consequences of losing the confidentiality, integrity and availability of your information. *


28. Do you have up-to-date asset registers? *


29. Are only authorised personnel, who have a justified and approved business case, given access to restricted areas containing information systems or stored data? *


30. Do you have in place a written Data Protection Policy? *


31. Do you have a current Security Policy?

A Security Policy can be stand-alone or incorporated into other policy, but it should set out your objectives for managing your security *


32. Who is your PII insururer *


33. Do you have any cyber or crime insurance in place? *


34. Does your organisation hold any security accreditations such as Cyber Essentials, IASME CE, or ISO 27001:2013? *


35. Do you have an Incident Management plan? *


36. Does the organisation ensure that business impact assessment, business continuity and disaster recovery plans are produced for all mission critical information, applications, systems and networks? *


37. As part of the LawGuard service, we may send you a small handheld size device which is used for vulnerability scanning of your network. This helps easily identify areas for which you may be exposed and provide valuable feedback on how to mitigate these risks.

To enable us to provide this additional service, we are obliged by law to ask you to confirm you have read and understood our Computer Misuse Act 1990 waiver and equipment loan form found here 
Computer Misuse Act 1990. *