In association with Mitigo: It has never been more important to allocate budgets and resources to mitigate known risks, and cybercrime is one of the most serious risks

If 2020 taught us anything, it’s that it has never been more important to allocate budgets and resources to mitigate known risks. Cybercrime is one of the most serious risks.


Here are a few headline tips: 

1. Invest time to understand your risk from cyberattacks

Cyberattacks are indiscriminate: they hit any vulnerability they can find. We suggest you get the right group of experts together to assess your risks, and then consider the controls you have in place to reduce those risks: policy, training, software, support, etc.

2. Stop assuming your IT support have this covered

The law firms that got hit last year assumed this. In our experience, IT do not look after this, because they are not risk or cyber experts and you are frankly not paying them to shoulder this responsibility.

3. Change employee habits through training, testing and simulation

All the incidents we investigated last year had an element of human error. But bad habits, such as link-clicking, alert-ignoring, update-delaying and data-syncing, can be changed. Best practice is to follow up training with simulated attacks on staff.

4. Write and communicate a mobile phone policy

Don’t forget mobile phones. Personal and work mobile use can be necessary for business. But have you got a policy, with necessary controls in place? Cybercriminals increasingly rely on mobiles as an entry point into company systems.

5. Prove to yourself that your backup actually works

Most backups we check will not survive a ransomware attack, because they are poorly configured. Have you ever had yours checked? And is it still operating correctly in this remote working world? Staff may have started storing files locally for convenience, or even using third-party storage.

Obviously, this is not an exhaustive list, but it should get you thinking about a subject that isn’t going away. Cybercriminals are more organised than ever, and their attacks are increasingly sophisticated. It’s a lucrative business for them, so they invest resources into constantly improving their game. We suggest you do the same. 

More information

This article was produced by Mitigo. Take a look at their full-service offer.

For more information contact Mitigo on 0131 564 1884 or email

Mitigo is a Strategic Partner of the Law Society of Scotland
