Mitigating against cyber threat while working from home

2021 started with a January like no other and lockdown life continues as we move into February. As many of us continue to work from home, this brings with it its very own set of remote-working challenges.

The BBC recently reported: “One in five UK home workers has received no training on cybersecurity, according to a recent survey by legal firm Hayes Connor Solicitors”.

We’ve compiled our top ten reasons why this increases risk for law firms and how best to mitigate against these.

  1. Outdated browsers and software: Did you know that not running the most current versions of internet browsers or software such as Microsoft Office is high risk? Older systems have widely published vulnerabilities which criminals can easily spot and exploit to gain access to your important, sensitive data.
  2. Shutting down your computer: You’re in a rush, it’s been a long day and you’re hastily making for the door. Shutting down your PC just doesn’t seem a priority. But by skipping this simple step you’re showing another chink in your company’s armour to cyber criminals. When you shut down your computer, all the software, files and programmes are closed and the RAM is cleared. Employees must do this to keep security watertight.
  3. Frequently used passwords: Many of us struggle to remember the multitude of passwords we need for a variety of permissions. We often think that using the same password across multiple platforms makes them easy to keep in mind. Whilst this may be true, it’s also like handing a hacker the keys to your office. Easily cracked passwords, or ones that have been published through a data breach, can grant very quick access to your accounts.
  4. Illegitimate emails: Criminals are getting wiser about how they target victims with what’s known as “phishing” attacks. They’ll masquerade as a trusted source over email, instant message or text message. Emails can be cloned to such an extent that they can look truly legitimate. But one wrong click could lead to user credentials, login details and financial information being stolen in just minutes.
  5. “Drive-by” attacks: If your internet browser and work devices aren’t configured correctly, users can unintentionally download malicious code whilst surfing the web, without ever knowing. Most commonly this has been seen via objectionable websites, but it is becoming more common from legitimate sources or social media links because of malicious software (malware).
  6. False invoice attacks: Outside of your organisation, one of your suppliers could be the victim of a cyber-attack. We’ve seen many instances where this “hijacking” results in fake invoices being sent to the hijacked company’s associates and clients. These invoices will look realistic and come from a trusted source, but meanwhile false payment details have been planted, ultimately leading to a loss of funds.
  7. Social engineering: Many law firms favour using signatures in auto replies and out of offices. However, this could be potential gold to a cyber-criminal, as they infiltrate your systems and seek to impersonate them as closely as possible.
  8. Misconfigured DNS: Your email provider uses DNS to confirm that the emails you receive really come from the true sender. However, if your DNS is misconfigured, it can easily allow criminals to impersonate your emails and send messages that appear to have come from you.
  9. Ransomware: This can happen via phishing attacks, malicious social media, outdated software or even USB sticks that fall into the wrong hands. If this happens, you could lose access to important documents and data saved on your device. Your machine or server would be encrypted until you pay up.
  10. Compromised devices: Devices bought from disreputable sources have been known to come with malicious software already installed. It’s imperative to ensure that all your company’s employees are only using approved devices and resources when plugged into the company’s network. Criminals do not discriminate and will go after the weakest elements of your team and exploit this to their own ends.
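
Item 8 does not name the DNS records involved. Assuming it refers to SPF and DMARC TXT records, this added example (not from the original article) audits a domain's published records for settings that let others send mail as that domain. The domains and records are constructed samples and the function names are hypothetical.

```python
# Constructed sample TXT records; the .test names are placeholders, no live lookup is made.
SAMPLE_TXT = {
    "goodfirm.test": ["v=spf1 include:_spf.mailhost.test -all"],
    "_dmarc.goodfirm.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@goodfirm.test"],
    "softfirm.test": ["v=spf1 ip4:192.0.2.10 ~all"],
    "_dmarc.softfirm.test": ["v=DMARC1; p=none"],
    "openfirm.test": ["v=spf1 +all", "v=spf1 mx -all"],
}

SPF_ALL_WARNINGS = {
    "+": "SPF: '+all' authorises every server to send as this domain",
    "?": "SPF: '?all' is neutral, unlisted senders are not failed",
    "~": "SPF: '~all' only soft-fails unlisted senders",
}


def spf_findings(records):
    """Return weaknesses in the SPF record(s) published at the domain itself."""
    spf = [r.split() for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record, receivers cannot tell which servers are authorised"]
    if len(spf) > 1:
        return ["SPF: multiple records, receivers treat this as an error"]
    terms = [t.lower() for t in spf[0][1:]]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["SPF: no 'all' term, unlisted senders get a neutral result"]
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return [SPF_ALL_WARNINGS[qualifier]] if qualifier in SPF_ALL_WARNINGS else []


def dmarc_findings(records):
    """Return weaknesses in the DMARC record published at _dmarc.<domain>."""
    recs = [r for r in records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["DMARC: no usable record, receivers have no policy for failing mail"]
    pairs = (part.split("=", 1) for part in recs[0].split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
    policy = tags.get("p", "missing")
    if policy not in ("quarantine", "reject"):
        return [f"DMARC: p={policy} does not ask receivers to block failing mail"]
    return []


def audit_domain(domain, txt):
    """txt maps a DNS name to its list of TXT strings (already resolved)."""
    return spf_findings(txt.get(domain, [])) + dmarc_findings(txt.get("_dmarc." + domain, []))
```

In practice the `txt` mapping would be filled from real TXT lookups for the firm's sending domain and its `_dmarc` subdomain.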

Join Tom Lyes from Lawyer Checker on Wednesday 10th February at 12 noon for our FREE webinar to discuss why your business should have the government-backed accreditation Cyber Essentials+. Here you'll find out more about the benefits of holding Cyber Essentials accreditation and how the process works.

Gaining Cyber Essentials+ accreditation can reduce threat from cyber criminals