Proactive cybersecurity reduces Law firm's risk [case study]

By Hannah Donnelly | February 3, 2020

Baker Love Case Study Blog

A proactive approach to cybersecurity

Diamond IT engaged with Baker Love Lawyers to conduct an expert analysis of their existing cybersecurity strategy, providing a comprehensive report, updates to policies and procedures, and detailed staff training.

Baker Love Lawyers acknowledge the legal implications of not securely protecting their client’s data, and so proactively reached out to the Diamond IT team to ensure they were operating under a robust cybersecurity strategy.
The main focus of the project for the Baker Love team was to ensure they were proactively and strategically protecting both their client's data and the integrity of the organisation.

Baker Love had existing cyber policies and protection strategies in place, however, requested an in-depth analysis to ensure they were fully compliant with best practice. Their goal was to identify any areas where improvements could be made. They were referred to Diamond IT, where our Technology Consulting Manager met with the Partners to discuss the implementation of a cybersecurity review.

 

Comprehensive review, analysis, and training

The Diamond IT team worked closely with The Baker Love partners to implement the below phased project.

 

Phase 1: Cybersecurity Health Check

This process used an advanced system monitoring tool and expert analysis by one of Diamond IT’s senior security experts to detect any vulnerabilities and abnormal behaviours within the organisation. A detailed assessment report was then generated, focusing on the core areas of security, productivity, performance, backup and recovery.

This report was then presented to the Senior Management team of the organisation to prioritise remediation activities. The Diamond IT team also worked closely with Baker Love Lawyers existing IT provider to ensure any technical security gaps were filled.

“Baker Love realised that all businesses are increasingly at risk of cyberattack and that humans are often the biggest risk to cybersecurity. We wanted to ensure our staff were aware of the most common and successful methods of cyberattack and the best ways to prevent it and protect the business from potential future attacks and business disruption.

We are committed to protecting our client's data so it was important for us to engage an experienced firm such as Diamond IT to conduct an independent cybersecurity health check to identify any network vulnerabilities that could be improved.”

– Rebecca Jones, Practice Manager

 

Phase 2: Cybersecurity Comprehensive

Based on the findings of the Cybersecurity Assessment report, Diamond IT’s Cybersecurity Comprehensive product was then implemented in order to address any policy or procedure gaps and prepare for any potential future data breaches.

This involved:
  • A current state and gap analysis of the Baker Love Lawyers cybersecurity environment (both Technology and Human-based).
  • A review of current policy and procedures, including a comprehensive review and updates to ensure best practice and enforce user compliance.
  • Breach Response Planning – including the development of a step by step response plan for Baker Love to use in event of a reportable data breach.
  • The comprehensive review of the policies and procedures revealed the need to consolidate a number of pre-existing policies into one ICT Acceptable Usage Policy ensuring these policies aligned with both state and federal laws and regulations including the Notifiable Data Breach Scheme (NDBS) and the Australia Privacy Principles (APP).

The Diamond IT team additionally developed a new Website Terms of Use Policy and both Internal and External Privacy policies to guide staff and clients on Baker Love’s commitment to the privacy of personally identifiable information (PII).

 

Phase 3: Cybersecurity staff education and training

The final stage of this project was training and education for the entire Baker Love team. The focus of the training was to educate the Team on the threats and attacks they are subjected to each day, giving them the tools and experience they need to identify and manage cyber threats to protect their organisation.

The Baker Love team completed two face to face training sessions during different time slots to suit their business schedule. This education not only impacts the business but benefits the employees on a personal level, with transferable skills being applied to personal cybersecurity.

In addition to the face to face training, Diamond IT conducted two Phishing Security Tests (one prior to, one a few weeks after the training) to gauge Baker Love staff’s susceptibility to phishing attacks before and after the training.


Outcomes

The Baker Love Cybersecurity Project resulted in a marked decrease in risky cyber behaviour by staff and an overall reduced cyber risk to the organisation. Baker Love continues to maintain their proactive approach to protecting their clients and their organisation in today’s current cyber environment.



“Diamond IT has helped us to better understand the risks associated with cybercrime. Through their network analysis and robust training, we have been able to ensure we are operating under a best practice cybersecurity strategy. Diamond IT is extremely knowledgeable and we found them great to work with. We had an agreed project timeline and Diamond’s Technology Consulting Manager was responsive and committed to achieving the set timeline.

We would happily work with Diamond IT again in the future.”

– Rebecca Jones, Practice Manager

How can we help:

We can help you ensure your technology, policy and staff education programs align with best practice. Our Business Technology Managers (BTMs) are specialists in improving your internal cybersecurity. Our services include:

  • Cybersecurity technology and policy assessment.
  • Cybersecurity awareness training and mock events.
  • Cyber and Data Breach consulting and forensic analysis.
  • Disaster Recovery (DR) planning.

 

Want more information about cybersecurity?

See some of our recent blogs:

 

If you need advice on how you can ensure your cybersecurity strategy is ready to protect your organisation from risk our team of cybersecurity experts are ready to help. Reach out to our team today.

LET'S TALK

 

Cyber Security Self Assessment

 

TAGS: Managed IT Services, Tech Trends and Tips, Business Value, News and General, Cyber Security, Business Technology Consulting,

About Hannah Donnelly
Hannah Donnelly

With key skills in digital marketing and communication, website design, CRM administration, and event management, Hannah supports the alignment of marketing and sales to achieve strategic business objectives. A HubSpot Inbound certified marketing professional with a Bachelor of Business majoring in Management, Hannah is passionate about using creative methods to educate organisations on how IT can enable success.