Legal Profession: Firms turning to cyber insurance as scammer attacks continue to rise

The proportion of law firms targeted by scammers has risen sharply over the last year, especially among larger firms, as has the number of practices taking out cyber-insurance, according to new research from the Law Society.

The Law Society Survey of 601 sole practitioners and firms with between two and 25 partners was commissioned for its annual review of the previous indemnity insurance round.

26% of firms said they were targeted by scammers in the previous year. This figure increases as firms get larger, to 50% of firms with 5-10 partners (up from 34% in 2016) and 64% of firms with 11-25 partners (up from 44% in 2016).

The most common forms of scam were spam emails/phishing. Others included malware/computer viruses, cyber attacks, telephone calls/vishing and invoice fraud.

The two main responses were taking internal action (such as increased cyber security training and additional checks, balances and reminders) and updating existing security systems.

Firms contacted the police in 19% of all cases.

Approximately 42% of firms surveyed with 5-10 and 11-25 partners now have cyber insurance in place – and almost all of the others have at least considered it – although the figures fall for smaller firms.

We are interested in hearing from you about your cyber insurance experience… Are you looking to take out cyber insurance for your business? Or if you already have cyber insurance, has your experience been a positive or negative one?

Quick Passwords Advice

It can be difficult to think of something consisting of at least eight (or more) characters, with upper and lower case letters, numbers and symbols (the best password structure), that you’ll remember. Password fatigue can be a real problem and can lead to the situation where you’ll settle for something that’s easy to remember, but easy to guess too.

Do not fall into this trap!

The recent cyber-attack on Parliament will have seen a number of staff wish that they’d put a little more effort into their password selection. Through a procedure no more complex than testing for frequently used passwords, hackers were able to access up to 90 staff email accounts, leading to officials disabling remote access to emails by MPs, peers and their staff.

Such a means of accessing data is among both the most straightforward and the most commonplace. Staff emails are deemed the weak point of many businesses’ cyber defences. Indeed (alarmingly!) of 781 UK businesses that reported a data breach over the last 12 months, 72% of the identified breaches were targeted against employees’ emails.

Please see the diagram from the Department of Culture Media & Sport, Cyber Security Breaches Survey, Main Report, April 2017

If a third party was able to access your systems, the impact could be devastating and longstanding, damaging profits and confidence in your Business.

Weak passwords are also inexcusable in the eyes of the Information Commissioner’s Office (responsible for data protection), and regulators take a dim view of these too.

So the moral of the story is that if you or your colleagues have a weak password, change it immediately.

Whilst we can assist with general cyber enquiries and responding to cyber attacks and data hacks, we unfortunately cannot advise you on which passwords to use 🙂

We can, however, advise you not to do THIS

Nearly 500 law firms targeted by fraudsters in new email scam

The Law Society Gazette published a report confirming that fraudsters have attempted to infiltrate the IT systems of hundreds of firms.

In an update published by the Solicitors Regulation Authority, the regulator said it has seen increasing reports of attempted cyber-crime and warned solicitors to be wary of falling victim.

Firms have reported being sent emails saying their services are required: after they respond, the scammers send attachments or links to websites.

These attachments and links might contain malware which allows the perpetrators to control or undermine IT systems.

The SRA said some of the emails relate to a property sale and are sent from a ‘Margaret’ or ‘Mary Smollins’. The email [email protected] has been used to send rogue messages.

The SRA said: ‘While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business.’

Once malware is on a system, it can record everything typed over a long period to obtain passwords or financial details, copy or modify data on the system, and allow hackers to get into the firm’s network.

Firms are advised to use cloud-based computing for storing, accessing and processing information and to inform the police and SRA immediately if they have been contacted via these emails.

Other steps can include keeping software up to date, using an anti-virus system and using encryption on mobile devices. Files should also be backed up on a regular basis including at least one back-up that is not directly and regularly connected to the main systems.

In 2016 the SRA had reports of around £7m of client money being lost to cyber-crime. Almost half of all cyber attacks are aimed at small businesses.

IF YOUR FIRM HAS BEEN TARGETED IN A PHISHING OR SPOOFING ATTEMPT, OR WORSE STILL, HAS BEEN A VICTIM OF CYBER CRIME, CONTACT CYBER SECURITY HELPDESK LTD TODAY TO DISCUSS HOW WE CAN WORK TO MITIGATE THE DAMAGE CAUSED AND RESOLVE THE PROBLEM EFFICIENTLY

Cyber Security Guidance For Businesses: Home and mobile working

Assess the risks to all types of mobile working (including remote working where the device connects to the corporate network infrastructure) and develop appropriate security policies. Train mobile users on the secure use of their mobile devices for locations they will be working from. Apply the secure baseline build to all types of mobile device used. Protect data-at-rest using encryption (if the device supports it) and protect data-in-transit using an appropriately configured Virtual Private Network (VPN).