New training available for professionals on the front line of cyber-attacks

7 Oct 2014 01:08 PM

New course is launched to help members of the legal and accountancy professions protect themselves and their clients from cyber-attacks. 

Digital Economy Minister Ed Vaizey will today (7 October 2014) launch a new free online training course to help members of the legal and accountancy professions develop the skills they need to protect themselves and their clients from cyber-attacks.

The new course, developed by government and industry, will also enable lawyers and accountants to advise their clients. This will help UK businesses protect themselves from information breaches and other threats that could potentially cost them millions of pounds.

The course will increase awareness of common cyber risks and threats they may experience in the workplace and how to prevent and deal with them. It provides advice on how to safeguard digital information, raise awareness of cyber issues amongst clients and gives examples of how to deal with issues such as information breaches in the workplace.

Minister for the Digital Economy Ed Vaizey said:

Members of the legal and accountancy professions deal with sensitive client information on a daily basis and can be a target for cyber-attacks.

The new course we are launching today makes cyber security part of the day job for lawyers and accountants. It provides members of both professions with tailored and relevant guidance on how they can better protect themselves and their clients from cyber threats. It’s essential government and industry work together to protect UK companies from online attacks that can cause millions of pounds worth of damage.

Law Society deputy vice-president Robert Bourns said:

Cyber crime has the potential to compromise both clients’ and solicitors’ sensitive data. Training to raise awareness and understanding for all involved in practice is an important part of protection. That is why we are supporting our members by providing this bespoke training package, developed in partnership with the Government and other professional bodies.

As well as undertaking this essential training, I urge solicitors to take part in the Cyber Security Information Sharing Partnership, which shares cyber threat and vulnerability information in a secure online environment.

Martyn Jones, Immediate Past President of ICAEW (Institute of Chartered Accountants in England and Wales), said:

ICAEW is committed to helping companies develop robust cyber security processes and has been working with and supporting government initiatives in this area for the last two years. Cyber security threats are a tremendous potential risk to business, in particular small and medium sized companies.

Much of the risk centres on behaviour and ensuring employees do the right thing. The training launched today will help accountants become more knowledgeable and confident to support their clients in reducing risks and increasing their cyber hygiene.

The new online course is funded by the government’s 5-year, £860 million National Cyber Security Programme to make the UK one of the safest places in the world to do business online. The programme aims to improve cyber security skills at all levels and work with associated professions to make industry more resilient to cyber-attack.

It also complements other e-learning initiatives being launched by government to help micro, small and medium-sized enterprises. This includes the Responsible for Information course, available online from today, by The National Archives. It provides guidance to small companies on how they can better protect their data and get to grips with the risks associated with information security.

Notes to Editors

  1. The free training programme will be announced by Ed Vaizey in a speech to legal and accountancy professionals at the Law Society in London today. It has been developed by government in partnership with the Law Society; the Institute for Chartered Accountants in England and Wales (ICAEW) and Solicitor’s Regulatory Authority and can be accessed online via the Law Society website.
  2. The government’s work on cyber security focuses on building partnerships with industry, academia and international partners. The new online course launched today demonstrates the government’s partnership with the legal and accountancy professions, and builds on previous work developed in partnership with industry, such as the Corporate Finance Cyber Security Guidance.
  3. Trusted professionals like accountants and lawyers are on the front line of cyber-attacks – they are privy to sensitive information (e.g. client lists, personal information, sensitive commercial information about upcoming deals) which might be attractive to criminals/others. They are also well-placed to encourage their clients to take appropriate actions to protect themselves.
  4. The training is part of the government’s wider strategy to improve cyber security skills at all levels and make the UK one of the safest places in the world to do business online. It has been developed with funding from the National Cyber Security Programme, a 5-year, £860 million cross-Government programme to support economic prosperity, protect national security and safeguard the public’s way of life.
  5. Legal and accountancy professionals who take the course will be able to:
    • understand the basics of the cyber threat including techniques such as phishing and social engineering
    • be more confident when discussing cyber issues with clients
    • help their clients understand cyber risks and possible impacts
    • offer advice on best practice and signpost to advice/solutions
    • better understand how to protect client data
    • be more aware of how to handle information loss or theft, and be able to help clients recover and respond
    • understand the commercial advantages of having good cyber security
  6. The e-learning comprises 4 modules: 1) an introduction which describes the risks and impacts on business and individuals; 2) responsibilities for lawyers and accountants (e.g. data protection); 3) how to manage the cyber risk, including where businesses can get help from government and the private sector; and 4) scenarios, including best practice responses to cyber incidents and risks associated with new technologies.
  7. The Responsible for Information (RFI) e-learning package for micro, small and medium-sized enterprises is available on The National Archives’ website.
  8. The training is part of a wider package of advice, support and skills initiatives for businesses, including:
    • Cyber Essentials, a new government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats
    • Cyber Streetwise, the cross-government behaviour change campaign to help consumers and small businesses
    • Cyber Security Innovation Vouchers, which provide funds for businesses to invest in cyber protection
    • the “Introduction to Cyber Security” MOOC (massive, open, online course), a free course from the Open University to help improve cyber knowledge and skills
  9. The UK Cyber Security Strategy (November 2011) sets out how the UK will support economic prosperity, protect national security and safeguard the public’s way of life by building a more trusted and resilient digital environment. The National Cyber Security Programme (NCSP) within the Cabinet Office coordinates and funds work undertaken by government departments to implement the UK Cyber Security Strategy. Information on progress against the strategy and achievements of the National Cyber Security Programme can be found at Keeping the UK safe in cyber space.
  10. Cyber security facts and figures:
    • in 2013 the UK cyber security sector was worth over £6 billion and employed around 40,000 people
    • the number of people employed in the UK cyber security sector is predicted to grow in coming years
    • 1 in 6 businesses are not confident they’ll have sufficient security skills to manage their risks in the next year
    • 81% of large organisations had an information security breach in the past year
    • 60% of small businesses had an information security breach in the past year
    • £600,000 to £1.15 million is the average cost to a large organisation of its worst security breach of the year (up from £450,000 to £850,000 a year ago)
    • £65,000 to £115,000 is the average cost to a small business of its worst security breach of the year (up from £35,000 to £65,000 a year ago)