Lawyer Checker’s top ten cyber-attack reasons within a law firm

Lawyer Checker has analysed the top ten reasons that a law firm can come in for cyber-attack, particularly in the current climate of working online.

A new year is widely seen as the chance for a new start; time to look at your priorities with a fresh perspective and vigour. This new year has started very differently for all of us. Many won’t head into the office as we once would, and this brings with it its very own set of remote-working challenges.

Does this ring true for your company?

As you know, your firm is in control of a lot of sensitive, confidential data. Should this fall into the wrong hands, it could be catastrophic. And simple everyday tasks and protocols that we might not give much thought to could play right into cyber-criminals’ hands.

Over the next two weeks we’ll be posting our top ten reasons why your firm could be wide open to a cyber-attack.

  1. Outdated browsers and software

Did you know not running with the most current versions of internet browsers or software such as Microsoft Office is high risk? Older systems have widely-published vulnerabilities which criminals can easily spot, exploit and use to gain access to your important, sensitive data.

  2. Shutting down your computer

You’re in a rush, it’s been a long day and you’re hastily making for the door. Shutting down your PC just doesn’t seem a priority. But by skipping this simple step, you’re showing another chink in your company’s armour to cyber-criminals. Shutting down your computer closes all the software, files and programmes, and clears the RAM. Employees must do this to keep security watertight.

  3. Frequently-used passwords

Many of us struggle with remembering the multitude of passwords we need for all manner of permissions. We often think that by using the same password across multiple platforms, it’s easy to keep them in mind. Whilst this may be true, it’s also like handing a hacker the keys to your office. Easily-cracked passwords or ones that have been published through a secret data-breach can grant very quick access to your accounts.

  4. Illegitimate emails

Criminals are getting wiser about how they target victims with what’s known as “phishing” attacks. They’ll masquerade as a trusted source over email, instant message or text message. Emails can be cloned to such an extent that they can look truly legitimate. But one wrong click could lead to user credentials, log-in details and financial information being stolen in just minutes.

  5. “Drive-by” attacks

If your internet browser and work devices aren’t configured correctly, users can unintentionally download malicious code whilst surfing the web, without ever knowing. Most commonly, this has been seen via objectionable websites but is becoming more common from legitimate sources or social media links because of malicious software (known as malware).

  6. False invoice attacks

Outside of your organisation, one of your suppliers could be the victim of a cyber-attack. We’ve heard of many instances where this “hijacking” results in fake invoices being sent to the hijacked company’s associates and clients. These invoices will look realistic and come from a trusted source but, meanwhile, false payment details have been planted, ultimately leading to a loss of funds.

  7. Social engineering

Many law firms favour using signatures in auto-replies and “out of office” messages. However, this could be potential gold to a cyber-criminal, as they infiltrate your systems and seek to impersonate your systems as closely as possible.

  8. Misconfigured Domain Name Service

Your email provider uses a Domain Name Service (DNS) to confirm the emails that you receive really come from the true sender. However, if your DNS is misconfigured, it can easily allow criminals to impersonate your emails and send messages that appear to have come from you.

  9. Ransomware

This can happen via phishing attacks, malicious social media, outdated software or even USB sticks that fall into the wrong hands. If this happens, criminals restrict the victim from using their own software until they pay a ransom. Your machine or server would be encrypted until you pay up.

  10. Compromised devices

Devices bought from disreputable sources have been known to come with malicious software already installed. It’s imperative to ensure that all your company’s employees are only using approved devices and resources when plugged into the company’s network. Criminals do not discriminate and will go after the weakest elements of your team and exploit this to their own ends.
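For the misconfigured Domain Name Service item above, the DNS entries receiving mail servers consult are the SPF and DMARC TXT records. The following is an added example, not Lawyer Checker's own code, that audits such records offline; the function name, finding codes and every sample record (including the host `mail.example`) are assumptions constructed for illustration.

```python
# Added example: offline audit of the DNS TXT records behind email sender checks.
# Every record string here is a constructed sample, not real DNS data.

EXPLAIN = {
    "spf-missing": "no SPF record: receivers have no list of permitted senders",
    "spf-multiple": "more than one SPF record: receivers treat this as a permanent error",
    "spf-open": "SPF has a pass/neutral 'all' or none at all: unlisted senders are not failed",
    "spf-softfail": "SPF ends in '~all': unlisted senders are flagged, not failed",
    "dmarc-missing": "no DMARC record: receivers get no policy for failed checks",
    "dmarc-none": "DMARC policy is p=none: failures are reported but no action is requested",
}

def audit_email_dns(root_txt, dmarc_txt):
    """root_txt: TXT strings at the domain; dmarc_txt: TXT strings at _dmarc.<domain>."""
    findings = []
    spf = [r for r in root_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("spf-missing")
    elif len(spf) > 1:
        findings.append("spf-multiple")
    else:
        terms = spf[0].lower().split()[1:]
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        redirected = any(t.startswith("redirect=") for t in terms)
        # A bare "all" carries the default "+" (pass) qualifier.
        qualifier = alls[0][0] if alls and alls[0][0] in "+-~?" else "+"
        if not alls:
            if not redirected:  # a redirect hands the decision to another record
                findings.append("spf-open")
        elif qualifier in "+?":
            findings.append("spf-open")
        elif qualifier == "~":
            findings.append("spf-softfail")
    dmarc = [r for r in dmarc_txt if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append("dmarc-missing")
    else:
        tags = dict(p.strip().lower().split("=", 1) for p in dmarc[0].split(";") if "=" in p)
        if tags.get("p", "none") == "none":
            findings.append("dmarc-none")
    return findings

if __name__ == "__main__":
    weak = audit_email_dns(["v=spf1 include:mail.example ?all"], ["v=DMARC1; p=none"])
    strict = audit_email_dns(["v=spf1 include:mail.example -all"], ["v=DMARC1; p=reject"])
    for code in weak:
        print(code, "-", EXPLAIN[code])
    print("strict configuration findings:", strict)
```
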

You can read more about Lawyer Checker’s cyber-essentials campaign here.

Kindly shared by Lawyer Checker