Cyber resilience – the ability to withstand both attacks on your computer network and attempts to steal valuable client data – is a business priority which an increasing number of legal firms in London and UK depend on us for year after year.
The threat constantly evolves and grows – and legal firms are at particular peril. In this article, we look at the 6 biggest current threats as we perceive them.
1. Bring your own device policies
A sensitive area for many legal firms is their “bring your own device” policy. Whereas in previous years colleagues would take a work laptop home with them or out on the road, most of the functions they used to carry out on these devices can now be performed just as successfully on a smartphone or a tablet via a web browser.
From an access point of view, there’s now just no real need to invest in out-of-office portable IT for firms nor the software that’s loaded onto it.
However, sensitive company information, particularly emails, can be intercepted on insecure WiFi connections and your firm’s executives may find themselves and the technology they use targeted for special attention by cybercriminals.
More so than ever before, investment in encryption and a strong firewall is essential.
2. The threat from within
Graham Cluley, independent security researcher, told Computer Weekly that while most company focus is on external cyberthreats, "a significant threat is also posed by employees who can have authorised access to the company network from behind the firewall".
That threat still exists. It’s rare that bad actors internally will try to steal money from your company – it’s more likely your data that’s got the greater commercial value to them.
Because your staff are behind your firewall, there’s always going to be a degree of vulnerability your firm will be exposed to. However, much of that can be offset by banning removable media from your firm and installing software which monitors access to and transfer of data files that are most sensitive.
Bitcoin may have fallen in value by two-thirds since its peak in December 2017 but its value is still tens of thousands of times greater than it was even five years ago. The crypto-currency sector is still enormous and, because of the computing power needed to “mine” currency, the barriers to entry are high.
There has, in the last year or two, been a growing threat to computer users through the surreptitious installation of crypto-jacking software – software which uses your terminals’ and network’s computing power to mine for Bitcoin.
Crypto-jacking software puts a very heavy workload on the computers and systems onto which it has been installed often leading to hugely impaired performance and sometimes even the failure of a system and the computers attached to it. In addition, crypto-jacking software authors may intentionally leave holes in their software to allow them to download other types of malware later in the future.
4. Reliance on biometrics
Many of us now possess smartphones and other portable devices which use biometrics to allow user access. The biometrics employed are usually facial mapping, iris recognition, and fingerprint scanning.
Despite popular belief, biometrics is not fool proof because the information needed to unlock a device is stored somewhere and that data can be stolen. As David Emm, principal security researcher at Kaspersky Labs, tells ITPro, “biometrics should be combined with passwords…If I choose a poor password and it's compromised, I can change it; if my fingerprint data is compromised, there's nothing I can do about it."
As a last line of defence, legal firms should consider using multi-factor authentication in combination with passwords, biometrics, or both.
5. Inadequate mobile security
We’re all familiar with the need to keep the software on our terminals and networks patched with the latest software releases. These patches are not only needed to offer your users maximum functionality from the software but also to protect the machines from viruses and malware.
Security experts argue that this same approach should be taken with smartphones, tablets, and connected laptops. The complexity of modern mobile technology is the things which creates a significant vulnerability to malware, viruses, and other forms of cyberattack.
Please read our article on "Mobile device management - keeping your critical data secure".
6. Social media – too much of it
Clients expect to be able to engage with you and your firm when they please and by whatever channel. They expect an openness and transparency from you and your colleagues and that expectation extends to your presence on social media – both as a company and as colleagues on an individual basis.
Too much information about who works at your firm and what they do puts you at risk of invoice fraud and, if your firm is involved in it, conveyancing fraud.
More questions about cyber threats? Contact our cyber resilience experts at Sprout IT
Sprout IT works with solicitors’ practices and barristers’ chambers across London and the South East. To speak with one of our team about crafting a better cyber resilience strategy, please call us on 020 7036 8530 or email us.