Data Protection And Cyber Security

Data Protection & Cyber Security

Our Commitment to Data Protection and Cyber Security

Protecting the confidentiality and integrity of personal data held is a critical responsibility that Duncan Lewis takes seriously at all times. At Duncan Lewis we value data protection and confidentiality above all else and we ensure that we manage personal data in accordance with all applicable data protection laws, including the UK General Data Protection Regulation (UKGDPR). Further, as evidence of its commitment to full cyber security, Duncan Lewis currently holds Cyber Essentials Plus certification and is certified to ISO 27001, the accepted global benchmark for certifying the effective management of information assets.

ISO 27001 – Information Security Management

This worldwide information management security quality mark is the only auditable international standard that defines the requirements required of an information security management system to best manage information risks, such as cyber attacks, hacks, data leaks or theft. Our certification to ISO 27001 demonstrates that we have defined and put in place best-practice information security processes. The Standard is designed to ensure the selection of adequate and proportionate security controls that help to protect information in line with increasingly rigid regulatory requirements such as the EU General Data Protection Regulation (GDPR) and Directive on Security of Network and Information Systems (transposed into UK law as the NIS Regulations and UK General Data Protection Regulation (UKGDPR))

Cyber Essentials PLUS

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to demonstrate that the most important cyber security controls have been implemented. Obtaining Cyber Essentials PLUS involved an external independent technical audit of our systems, that are in-scope for Cyber Essentials over a course of a number of weeks both remotely and through our offices. This included: conducting an assessment on our public facing IP addresses, Website and Internal Vulnerability assessment. Cyber Essential PLUS provides five security controls that, according to the UK government, could prevent the vast majority of cyber-attacks. The Government worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials. These are a set of basic technical controls to help organisations protect themselves against common online security threats. The full scheme is backed by industry including the Federation of Small Businesses, the Confederation of British Industry and a number of insurance organisations. For more information on the Cyber Essentials Scheme, please refer to their website: https://www.cyberessentials.ncsc.gov.uk/

Protecting your data

As a firm, we are committed to keeping all personal data stored secure. In order to make sure we continue to do so, we comply with Data Subject Access Request and Information Commission’s Office legislation, as well as the UK General Data Protection Regulation (UKGDPR) which forms part of the Data Protection Act 2018. For full details on the personal data we may use as part of our service, please see our Privacy Notice. It should be noted that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us on dataprotection@duncanlewis.com.

Red Alerts - Dealing with Fraudulent Communications by Letter or Email and Suspicious Calls

In common with many other industries, the cyber threat to the UK legal sector is significant and the number of reported incidents has grown substantially over the last few years.We treat malicious and fraudulent activity very seriously and have various protocols in place to protect our service-users and staff. If we are made aware of any red alerts, Duncan Lewis will promptly report such instances to the SRA Red Alert Team and work with the regulator and authorities in their investigations. Our Risk and Compliance team are responsible for acting on any alerts and ensuring our policies are complied with. Full details of our Red Alerts procedures and how to report scam or fraudulent activity, please see our Red Alerts page. Our Red Alert page details notifications we have received in the past on individuals and/ or organisations that have been fraudulently using or associating themselves with the identity of this company. The aim of these fraudsters is to dupe innocent members of the public into engaging with and instructing them on unauthorised (sometimes inaccurate) legal advice; causing financial loss and in some cases loss in the opportunity to properly pursue a legal remedy.

If you receive a communication purportedly from Duncan Lewis which you are suspicious of, please report this immediately to us at riskandcompliance@duncanlewis.com, or by calling 033 3772 0409.