Responding to a cyber attack

This section will provide information on what to consider when an attack is detected.

Ongoing attack

In the event of an attack where criminals may still have access to your systems or may hold you to ransom, the Law Society recommends:

  • disconnecting any infected machines from your IT network,

  • contacting your IT support team for immediate help,

  • refraining from accessing your system backup until all infected computers have been cleaned, and

  • considering your reporting requirements and your obligations under applicable data protection laws.

Who to contact

Ideally, you should have identified, before any attack occurs, the persons you would need to contact in the event of one. Depending on the nature of the attack, examples of key contacts may include:

  • your client,

  • your IT provider/cybersecurity expert,

  • your financial institution,

  • your insurance company,

  • the Law Society,

  • external regulators, such as the Data Protection Commission (if applicable), and

  • An Garda Síochána.

See more information under reporting an attack.

Understanding your responsibility

The Regulation of Practice Committee has advised practitioners that any deficit arising in client moneys held by a practice is the personal responsibility of the partners/principal of the practice, whether caused by a solicitor or staff member or as a victim of cybercrime.