Supplier hacked? YOU are responsible if it compromises your data!

28 March 2024

In the digital age, safeguarding sensitive data and protecting against cyber threats are paramount concerns for law firms and businesses alike. Directors play a pivotal role in upholding compliance, security, and cybersecurity within their firms/organisations.

In this blog post, we explore the critical importance of directors’ due diligence when selecting third-party providers and the personal accountability they bear in safeguarding their firms against potential risks.

 

Directors’ Responsibility and Accountability:

Directors of law firms and businesses are entrusted with significant responsibilities, including ensuring compliance with legal and regulatory requirements, safeguarding sensitive data, and protecting against cybersecurity threats. This responsibility extends to the selection and oversight of third-party providers, such as IT service providers and digital marketing agencies, who handle critical business functions and sensitive client information.

As Lumina Technologies are an IT managed service provider, this blog focuses on the due diligence you need to show when choosing an external IT provider for your law firm or business.

Most directors are not technical experts and that’s okay.

But most also understand that they need an IT department, and that outsourcing to an external provider is almost always the most cost-effective way to fulfil this need.

However, choosing an external IT provider can be one of the most challenging business decisions to make, given the risk involved with the level of client data they are entrusted to secure.

Despite the Department for Digital, Culture, Media, and Sport stating that ‘MSPs [IT Managed Service Providers] are key to the functioning of essential services that keep the UK economy running’, the IT service provider industry is still not regulated.[1]

Not all providers are created equal, so it’s crucial to carry out due diligence when choosing which service provider to work with.

 

The Significance of Due Diligence in Vendor Selection:

Due diligence should not be merely a procedural formality but a fundamental aspect of a director’s duties. When choosing third-party providers, like an IT provider, directors must exercise due care and diligence to mitigate risks and protect the interests of their firms and clients. Failure to conduct thorough due diligence can result in severe consequences, including financial penalties, legal liabilities, and reputational damage.

When talking about the catastrophic cyber incident that plunged multiple law firms in the UK into crisis after their IT provider was breached in November 2023, cybersecurity expert Peter Wright stated:

‘Law firms need to be carrying out the same level of due diligence with regard to their IT suppliers as they would advise their own clients to do before undertaking a serious transaction.’[2]

This incident left a multitude of conveyancing firms unable to complete house sales, which left some of their clients emotionally distressed.

A prospective house buyer tweeted on X about the incident:

‘Meant to complete yesterday. Your inability to keep your cyber security in place is causing a lot of distress’.[3]

 

Directors’ Liability in Data Breach Incidents:

In the event of a data breach caused by a third-party provider’s security lapse, directors can face personal liability and regulatory scrutiny. Regulatory bodies such as the Information Commissioner’s Office (ICO) hold directors accountable for ensuring adequate cybersecurity measures and vendor oversight. Directors must demonstrate proactive efforts to mitigate risks and uphold compliance standards to fulfil their legal obligations.

In the example above, the high-profile cyber-attack on the IT provider that impacted multiple law firms, the affected firms were not directly at fault for the attack. They still had to bear the brunt of distressed clients, which affected their reputation, and in some cases may even have been threatened with legal action.

These examples serve as cautionary tales, emphasising the need for directors to prioritise due diligence and proactive risk mitigation.

 

Mitigating Risk Through Due Diligence:

Thorough due diligence on third-party vendors, like IT providers, is essential for mitigating the risk of data breaches and cybersecurity incidents. Directors should assess suppliers’ security practices, evaluate compliance with regulatory standards, and scrutinise contractual agreements to minimise potential vulnerabilities. By taking proactive measures to vet and monitor third-party providers, directors can safeguard their organisations and protect against legal and regulatory risks.

But HOW do you do this as a director?

Most directors reading this have probably already outsourced their IT to a third-party provider, so the best place to start is with our guide: 14 Questions To Ask Your IT Provider.

This guide includes insightful questions not only to ask your IT provider about some of their practices, but also to ask yourself about your business relationship with them.

 

Conclusion:

Directors of law firms and businesses shoulder a significant responsibility for ensuring compliance, security, and cybersecurity within their organisations, and this can be very stressful. The selection and oversight of third-party providers demand diligence to mitigate risks and protect against potential liabilities. By prioritising thorough vendor management practices and proactive risk mitigation, directors can uphold their duties and safeguard the interests of their firms and clients.

 

Call to Action:

In the dark over your IT? You need to start taking responsibility!

Here’s how you can start WITHOUT becoming a tech expert…

Discover your business IT health score with our FREE, no tech jargon, audit report.

Ignoring IT responsibilities is a common mistake made by many directors, and understanding your IT health score is a great starting point to reclaiming control of this critical business function.

It should take you between 5 and 10 minutes!

Click here to take it now!

 

[1] Cyber laws updated to boost UK’s resilience against online attacks – GOV.UK (www.gov.uk)

[2] News focus: Cyber-attack on law firm IT provider CTS hits conveyancing firms – what lessons need to be learned? | Law Gazette

[3] Cyber-attack leaves home sales in limbo – BBC News
