Cyber Security - threats to the UK legal sector

22nd September 2023

At Williscroft & Co, cyber security is one of our top business priorities.

Over the last 12 months, we have invested further in our IT infrastructure to make it harder for any hacker to cause us any damage virtually. We now have two factor authentication on all our O365 accounts, as well as a Password Manager secure portal to manage all our own user passwords. All our devices are licensed with anti-virus software and we have an email filtering service that helps to reduce the amount of spam and phishing emails users receive. We are also in the process of applying for Cyber Essentials, as we believe this will provide us with a more secure infrastructure. 

Cyber security is how individuals and organisations reduce the risk of cyber attack by looking at what preventative actions they can put in place.

The Law Society recently published an article on the NCSC report on cyber threats to the legal sector in the UK. This provides an overview of typical threats and proposed preventative measures law firms can consider. 

It’s likely that many of you will be aware of other high-profile incidents where the security of a digital system was compromised. One case that really struck a chord with us was one regarding law firm, Tuckers Solicitors who were fined nearly £100,000 due to failure to implement appropriate technical and organisation measures, leaving them vulnerable to an attack. This led to them implementing multi-factor authentication on their remote systems.

Based on the above, many firms will be left thinking ‘Where do we start?’ or ‘Have we done enough?’.

Our Practice Manager, Dee Priestley recently attended a very useful webinar on this very topic by The Access Group via their free webinar subscription which was very informative yet straightforward. A staggering statistic shared during this session was that it costs on average £138,000 for an SME to deal with the cost of a cyber-attack with the potential of up to 21 days downtime.

A cyber-attack would have a huge impact on many small businesses, which highlights the importance of prioritising cyber security and protecting your property.

In today’s technologically advanced world, there are many different types of cyber-attack and ways that cybercriminals target businesses and organisations.

Below, we’ve listed some of the more common examples, which may help you to determine what needs to be in your risk assessment and the control measures that should be in place.

Phishing Attack

We all will have received spam messages in the past asking us to visit a certain link, and unfortunately, some people will mistake these phishing attempts as legitimate if they have not received the right training. Have you trained your staff to have awareness?

Multi-Factor Authentication Fake Codes

It goes without saying that hackers are getting smarter and smarter, but did you know they can force you to receive a genuine verification code to input into a fake website? Would you be able to spot a fake code?

Supply Chain Attack

New starters are now being targeted through platforms such as LinkedIn. There are people who create fake emails with fake, but genuine-looking, signatures from key members of staff such as the MD or Chairman in an attempt to lure the new starter into clicking on something that will allow access to the firm’s Outlook address book with both internal and external contacts. They only need 1 genuine email account and they are in!

Ransomware

The industry is now seeing more instances of data exfiltration where hackers threaten to release sensitive information. However, there are examples of where hackers have bought malware and ransomware kits on the dark web via Bitcoin etc. to assist firms with releasing their data, but will charge a finders fee based on a % commission of the overall ransom fee.

The NSCS provides great advice and guidance to help with all of these threats and the preventative measures that firms can consider.

SMEs looking for more advice and support can learn more here.