Cybersecurity Self-Assessment Tool


Welcome to the Cybersecurity Assessment Tool

Our cybersecurity self-assessment tool is designed for legal practices aiming to evaluate and improve their cybersecurity posture. It offers a straightforward assessment process that can be completed in approximately 15 minutes. All answers are fully anonymous. After going through the assessment, you will receive a downloadable report.

This report outlines the current state of your practice's cybersecurity measures, identifies potential areas of improvement, and suggests specific corrective actions to address these issues. The goal is to provide legal practices with clear, actionable insights to enhance their cybersecurity defenses effectively. Please answer all questions to the best of your knowledge.

What is the name of your practice? This is used for the purposes of creating your personalised cybersecurity assessment report. If you wish to remain anonymous, you can leave this field blank.


1) How many people work within your practice? (This includes lawyers and administrative staff.)

* Response required

2) Does anyone in your practice have specific responsibility for managing and maintaining all your IT? For example, your software, laptops, tablets, mobile phones and other devices?






* Response required

3) Do you keep your practice devices and software up to date? This includes legal practice management software, computer operating systems and email/word processing tools (such as Microsoft Office).






* Response required

4) Do you restrict who has access to administrator privileges on devices to limit what software can be installed?




* Response required

5) How do you ensure your staff use secure and unique passwords to access their devices and accounts?






* Response required

6) Do you and your staff use multi-factor authentication (MFA) to access all your critical or high-value applications and accounts? MFA requires two or more proofs of identity to grant you access. An example of MFA is two-factor authentication (2FA), which is used for email services, cloud services storing sensitive information and banking services.





* Response required

7) Do you understand what types of important or sensitive information you keep in your practice which, if leaked in a cybersecurity incident, could cause you (or other parties) harm? This could include documents storing client details or other personal information, bank account details or intellectual property.



* Response required

8) Do you independently verify payment information prior to making payments to third parties?



* Response required

9) Do you understand the legal and compliance obligations that may apply to your practice in relation to cybersecurity and handling sensitive information, such as any obligations that may apply under the Privacy Act 1998 (Cth)?




* Response required

10) Do you have a process to regularly back up your important practice information, which includes testing your backups?





* Response required

11) Do you take action to detect suspicious activity in your IT environment that might indicate a cybersecurity issue? For example, using antivirus software and/or having a managed service provider who monitors and manages your IT environment for you.





* Response required

12) Does your practice have a plan for handling potential cybersecurity incidents (known as an incident response plan)?





* Response required

13) Do you take steps to make staff aware of how you protect them against cybersecurity threats? For example, sharing articles on cybersecurity, face-to-face presentations or phishing exercises.





* Response required

14) Do you securely configure your practice mobile phones, laptops and tablets?




* Response required