If 2020 taught us anything, it’s that it has never been more important to allocate budgets and resources to mitigate known risks. Cybercrime is one of the most serious risks.
Here are a few headline tips:
1. Invest time to understand your risk from cyberattacks
Cyberattacks are indiscriminate: they hit any vulnerability they can find. We suggest you get the right group of experts together to assess your risks, and then consider the controls you have in place to reduce those risks: policy, training, software, support, etc.
2. Stop assuming your IT support have this covered
The law firms that got hit last year assumed this. In our experience, IT do not look after this, because they are not risk or cyber experts and you are frankly not paying them to shoulder this responsibility.
3. Change employee habits through training, testing and simulation
All the incidents we investigated last year had an element of human error. But bad habits can be changed. These include link-clicking, alert-ignoring, update-delaying, data-syncing, etc. Best practice is to follow up training with simulated attacks on staff.
4. Write and communicate a mobile phone policy
Don’t forget mobile phones. Personal and work mobile use can be necessary for business. But have you got a policy, with necessary controls in place? Cybercriminals increasingly rely on mobiles as an entry point into company systems.
5. Prove to yourself that your backup actually works
Most backups we check will not survive a ransomware attack, because they are poorly configured. Have you ever had yours checked? And is it still operating correctly in this remote working world? Staff may have started storing files locally for convenience, or even using third-party storage.
Obviously, this is not an exhaustive list, but it should get you thinking about a subject that isn’t going away. Cybercriminals are more organised than ever, and their attacks are increasingly sophisticated. It’s a lucrative business for them, so they invest resources into constantly improving their game. We suggest you do the same.