
Legal Profession: Firms turning to cyber insurance as scammer attacks continue to rise

The proportion of law firms targeted by scammers has risen sharply over the last year, especially among larger firms, as has the number of practices taking out cyber-insurance, according to new research from the Law Society.

The Law Society Survey of 601 sole practitioners and firms with between two and 25 partners was commissioned for its annual review of the previous indemnity insurance round.

26% of firms said they were targeted by scammers in the previous year. This figure increases as firms get larger, to 50% of firms with 5-10 partners (up from 34% in 2016) and 64% of firms with 11-25 partners (up from 44% in 2016).

The most common forms of scam were spam emails/phishing. Others included malware/computer viruses, cyber attacks, telephone calls/vishing and invoice fraud.

The two main responses were taking internal action (such as increased cyber security training and additional checks, balances and reminders) and updating existing security systems.

Firms contacted the police in 19% of all cases.

Approximately 42% of firms surveyed with 5-10 and 11-25 partners now have cyber insurance in place – and almost all of the others have at least considered it – although the figures fall for smaller firms.

We are interested in hearing from you about your cyber insurance experience… Are you looking to take out cyber insurance for your business? Or if you already have cyber insurance, has your experience been a positive or negative one?


Quick Passwords Advice

It can be difficult to think of something consisting of at least eight (or more) characters, with upper and lower case letters, numbers and symbols (the best password structure), that you’ll remember. Password fatigue can be a real problem and can lead to the situation where you’ll settle for something that’s easy to remember, but easy to guess too.

Do not fall into this trap!

The recent cyber-attack on Parliament will have seen a number of staff wishing that they’d put a little more effort into their password selection. Through a procedure no more complex than testing for frequently used passwords, hackers were able to access up to 90 staff email accounts, leading to officials disabling remote access to emails by MPs, peers and their staff.

Such means of accessing data is both amongst the most straightforward and the most commonplace. Staff emails are deemed the weak point of many businesses’ cyber defences. Indeed (alarmingly!) of 781 UK businesses who reported a data breach over the last 12 months, 72% of the identified breaches were targeted against employees’ emails.

Please see the diagram from the Department of Culture Media & Sport, Cyber Security Breaches Survey, Main Report, April 2017

If a third party was able to access your systems, the impact could be devastating and longstanding, damaging profits and confidence in your Business.

Weak passwords are also inexcusable in the eyes of the Information Commissioner’s Office (responsible for data protection) and regulators take a dim view of these too.

 

So the moral of the story is that if you or your colleagues have a weak password, change it immediately.

Whilst we can assist with general cyber enquiries and responding to cyber attacks and data hacks, we unfortunately cannot advise you on which passwords to use 🙂

We can, however, advise you not to do THIS


Cybercrime Failure Costly

In today’s news, the National Audit Office has criticised police, the government and banks for failing to tackle cybercrime after it was revealed just one in 150 police officers is dedicated to investigating cyberfraud.

The NAO says the cost to the economy as a whole was £144bn last year.

Sir Amyas Morse, head of the National Audit Office, said: “For too long, as a low-value but high-volume crime, online fraud has been over-looked by government, law enforcement and industry. It is now the most commonly experienced crime in England and Wales and demands an urgent response.”


Nearly 500 law firms targeted by fraudsters in new email scam

The Law Society Gazette published a report confirming that fraudsters have attempted to infiltrate the IT systems of hundreds of firms.

In an update published by the Solicitors Regulation Authority, the regulator said it has seen increasing reports of attempted cyber-crime and warned solicitors to be wary of falling victim.

Firms have reported being sent emails saying their services are required: after they respond, the scammers send attachments or links to websites.

These attachments and links might contain malware which allows the perpetrators to control or undermine IT systems.

The SRA said some of the emails relate to a property sale and are sent from a ‘Margaret’ or ‘Mary Smollins’. The email [email protected] has been used to send rogue messages.

The SRA said: ‘While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business.’

Once malware is on a system, it can record everything typed over a long period to obtain passwords or financial details, copy or modify data on the system, and allow hackers to get into the firm’s network.

Firms are advised to use cloud-based computing for storing, accessing and processing information and to inform the police and SRA immediately if they have been contacted via these emails.

Other steps can include keeping software up to date, using an anti-virus system and using encryption on mobile devices. Files should also be backed up on a regular basis including at least one back-up that is not directly and regularly connected to the main systems.

In 2016 the SRA had reports of around £7m of client money being lost to cyber-crime. Almost half of all cyber attacks are aimed at small businesses.

IF YOUR FIRM HAS BEEN TARGETED IN A PHISHING OR SPOOFING ATTEMPT, OR WORSE STILL, HAS BEEN A VICTIM OF CYBER CRIME, CONTACT CYBER SECURITY HELPDESK LTD TODAY TO DISCUSS HOW WE CAN WORK TO MITIGATE THE DAMAGE CAUSED AND RESOLVE THE PROBLEM EFFICIENTLY


Hackers ‘can bypass cyber security defences within 12 hours’

Nearly nine in ten hackers say they can break through any cyber security defences they target within 12 hours of launching an attack, according to a new report by Nuix.

The Nuix report found that 88 per cent of attackers were confident they could bypass protections on systems they turn their attention to in half a day. 81 per cent of the professional hackers and penetration testers surveyed at DEFCON said they could identify and take valuable data from their target system within another 12 hours.

But the damage could be even greater for companies targeted by attackers, as most breaches stay undiscovered for hundreds of days, giving cyber criminals plenty of opportunity.

“Data breaches take an average of 250 to 300 days to detect – if they’re detected at all,” said Chris Pogue, chief information security officer at Nuix. “But most attackers tell us they can break in and steal the target data within 24 hours. Organisations need to get much better at detecting and remediating breaches using a combination of people and technology.”

According to the report, hackers are almost never slowed down by measures like firewalls and anti-virus solutions, but endpoint security technologies presented more of an obstacle. This is because more than half of those questioned change their methods with every target, meaning defences based on known files and attacks are less effective.

A third of the hackers surveyed said organisations never detected their activities.

These findings come just a few months after another report found that half of IT professionals are more concerned about.  73 per cent said they were most concerned about malware installed by careless employees, while 66 per cent were worried about stolen or compromised credentials and 65 per cent were concerned about stolen data.

For more from the report, see the Nuix website.

This Nuix report further underscores the importance not only of having an incident response or business continuity plan following a cyber attack, but also of ensuring that any such plan is implemented properly, quickly and efficiently.

CONTACT CYBER SECURITY HELPDESK TO TALK TO ONE OF OUR CYBER INCIDENT RESPONSE TEAM ABOUT HOW WE CAN HELP YOUR BUSINESS.


Cyber Security Threats to Professional Practices

In today’s interconnected world, cyber attacks are a threat to all businesses, and law and accountancy firms are particularly attractive sources of information for criminals.

Commercial data, IP information and sensitive client data may all be targeted.

The Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills and carried out by PwC, found that 81% of large organisations and 60% of small businesses had suffered a security breach during the previous year.

The average cost of an organisation’s worst breach was between £65,000 and £115,000 for small businesses and between £600,000 and £1.15 million for large organisations.

If you are a professional firm, then Contact Cyber Security Helpdesk Today to discuss training for your firm’s staff.

Our courses, which are UK Government approved, as part of their National Cyber Security Strategy, have the support of both the Law Society and ICAEW.

They aim to:

• Increase your awareness of cyber security issues so that you can apply the knowledge in your own context.

• Help you to protect both yourself and your business.

• Help you to be more aware of security issues and more confident of discussing these with clients.

The course covers:

• What cyber security is

• How it affects you and your clients

• Why you should care about it

• Cyber threats to your business and you

• Cyber attacks (phishing and hacking) and their impacts

• Mitigating the impacts

Course Format

Designed for both lawyers and accountants, this online course is designed to last for one hour and is structured into four modules.

• Introduction to cyber security

• Cyber security – your responsibilities

• Managing the cyber risk

• Scenarios

The courses are interactive and include a series of brief quiz questions that will test your understanding of the learning materials as you progress through the course.

Contact Cyber Security Helpdesk Today to discuss your Cyber Security Recruitment and Training requirements


Cyber Security Guidance For Businesses: Home and mobile working

Assess the risks to all types of mobile working (including remote working where the device connects to the corporate network infrastructure) and develop appropriate security policies. Train mobile users on the secure use of their mobile devices for locations they will be working from. Apply the secure baseline build to all types of mobile device used. Protect data-at-rest using encryption (if the device supports it) and protect data-in-transit using an appropriately configured Virtual Private Network (VPN).