• April 19, 2024
 Do you know the top ten cyber attack reasons?

Do you know the top ten cyber attack reasons?

A new year is widely seen as the chance for a new start; time to look at your priorities with a fresh perspective and vigor. This new year has started very differently for all of us. Many won’t head into the office as we once would, and this brings with it it’s very own set of remote-working challenges.

Does this ring true for your company? As you know your firm is in control of a lot of sensitive, confidential data. Should this fall into the wrong hands, it could be catastrophic. And every day simple tasks and protocols that we might not give much thought, could play right into cyber-criminals’ hands.

Below are the top 10 reasons you could be leaving the back door open for cyber criminals to infiltrate your system.

  1. Outdated browsers and software

Did you know not running with the most current versions of internet browsers or software such as Microsoft Office is high risk? Older systems have widely-published vulnerabilities which criminals can easily spot, exploit and gain access to your important, sensitive data.

  1. Shutting down your computer

You’re in a rush, it’s been a long day and you’re hastily making for the door. Shutting down your PC just doesn’t seem a priority. But by skipping this simple step you’re showing another chink in your company’s armour to cyber criminals. Shutting down your computer is when all the software, files and programmes are closed and the RAM memory is cleared. Employees must do this to keep security watertight.

  1. Frequently used passwords

Many of us struggle with remembering the multitude of passwords we need for all variety of permissions. We often think that by using the same password across multiple platforms, it’s easy to keep them in mind. Whilst this may be true it’s also like handing a hacker the keys to your office. Easily cracked passwords or using ones that have been published through a secret databreach can grant very quick access to your accounts.

  1. Illegitimate emails

Criminals are getting wiser about how they target victims with what’s known as “phishing” attacks. They’ll masquerade as a trusted source over email, instant message or text message. Emails can be cloned to such an extent that they can look truly legitimate. But one wrong click could lead to user credentials, log in details and financial information being stolen in just minutes.

  1. Drive-by” attacks

If your internet browser and work devices aren’t configured correctly, users unintentionally can download malicious code whilst surfing the web, without ever knowing. Most commonly this has been seen via objectionable websites but is becoming more common from legitimate sources or social media links because of malicious software (malware).

  1. False invoice attacks

Outside of your organisation, one of your suppliers could be the victim of a cyber-attack. We’ve heard of many instances were this “highjacking” results in fake invoices being sent to the highkacked company’s associates and clients. These invoices will look realistic and come from a trusted source but meanwhile false payment details have been planted ultimately leading to a loss of funds.

  1. Social engineering

Many law firms favour using signatures in auto replies and out of offices. However this could be potential gold to a cyber-criminal, as they infiltrate your systems and seek to impersonate your systems as closely as possible.

  1. Misconfigured Domain Name Service

Your email provider uses DNS to confirm the emails that you receive really come from the true sender. However if your DNS is misconfigured it can easily allow criminals to impersonate your emails and send messages that appear to have come from you.

  1. Ransomware

This can happen via phishing attacks, malicious social media, outdated software or even USB sticks that fall into the wrong hands. If this happens, criminals limit the victim into using their own software until they pay a ransom. Your machine or server would be encrypted until you pay up.

  1. Compromised devices

Buying devices from unreputable sources have been known to come with malicious software already installed. It’s imperative to ensure that all your company’s employees are only using approved devices and resources when plugged into the company’s network. Criminals do not discriminate and will go after the weakest elements of your team and exploit this to their own ends.

More information about how to stay cyber safe can be found here.

This article was submitted to be published by Lawyer Checker as part of their advertising agreement with Today’s Wills and Probate. The views expressed in this article are those of the submitter and not those of Today’s Wills and Probate.

Lawyer Checker

http://www.lawyerchecker.co.uk

Lawyer Checker Provider of market-leading risk management solutions to the legal sector. Lawyer Checker is a leading provider of risk management solutions to the legal sector, offering a full inclusive suite of products and services which have one thing in common – they are all designed to protect and to promote your firm. Our expert understanding of the legal sector means that we are in a unique position to ensure that your business is protected from the main threats without delay. We are committed to being proactive when it comes to caring for our clients, and to getting them onto a platform where they are safer. What does Lawyer Checker do? Our suite of fraud prevention and cyber security products include: Thirdfort Thirdfort is the latest in Lawyer Checker's innovative suite of products helping to defend law firms against the persistent threats lurking in the legal sector, by providing enhanced due diligence to source of funds and ID checks. It uses a mobile app to digitally confirm a client's identity by combining facial recognition technology with document scanning and open banking, enabling you to confidently “Know Your Customer." Find out more > Account and Entity Screen (AES) AES provides your firm with enhanced risk management when transferring funds by checking the accounts details of a solicitor you are sending funds to against our unique database. This ensures your client funds are sent to a legitimate bank account associated with the vendor’s conveyancing firm. Find out more > Consumer Bank Account Checker (CBAC) CBAC offers enhanced due diligence when remitting sales proceeds and balancing payments to consumers. It works by validating the source and destination of funds by checking the bank account details match your client’s personal details when sending or receiving client funds. Find out more > OnDMARC A vital layer in protecting against email modification fraud, OnDMARC can actively block phishing attacks and obstruct 3rd parties impersonating your email domain to any recipient such as your clients, suppliers or employees. Email fraud is a law firm’s biggest risk. To avoid sensitive data being stolen through email impersonation fraud, safeguard your firm by implementing OnDMARC, otherwise anyone can send an email directly to your customers, suppliers or employees pretending to be you. Find out more > Cyber Certifications The National Centre for Cyber Security has identified the legal sector as a top target for cyber criminals. The sensitive data, large sums of money and important information that is held needs protecting to avoid severe damage to clients and your reputation. Cyber Essentials Cyber Essentials is a ‘must have’ certification for law firms which will protect your business, prevents data breaches and highlights to your customers, your regulators, the ICO and cyber criminals that you take cyber security seriously and shows you have taken the recommended steps to secure yourselves from potential threats. Getting Cyber Essentials certification for your firm is quick and easy, our in-house expert Cyber Essentials Assessors at Lawyer Checker (Part of Practical Vision Network) can conduct your online assessment and issue your certificate in less than 48hrs. For only £350 plus VAT it will give you peace of mind that you have shielded your law firm from cyber risk. Cyber Essentials Plus Our professional in-house assessors can issue official certificates to compliant firms for Cyber Essentials Plus, which is the next step up from Cyber Essentials. It covers the same controls but this time it is independently verified by a site visit from our expert assessor who will carry out a thorough inspection of online devices and web hosts through a detailed network vulnerability scan and certify your security arrangements to Cyber Essentials Plus level. IASME Governance Our expert in-house assessors can issue official certificates to compliant firms for IASME which includes Cyber Essentials certification along with a GDPR readiness assessment. It signifies to your customers and shareholders that you consider data protection a priority, and your desire to manage risk by demonstrating a high level of security. This certification is particularly suitable for businesses that are working towards ISO27001 and want a stepping stone, or for those that want to align to ISO27001 but perhaps don’t have the budget to go to a full certification. ISO 27001 Our expert in-house consultants will help your firm prepare for ISO 27001 certification audits. It is internationally recognised as the most comprehensive and detailed accreditation to help embed a healthy security culture within your business. The consultation focuses on all business areas and not just the IT department. Our execution experts can work with you to implement ISO27001 in a way that works for your business and can provide as much or as little support as you need from project plans, document templates to full implementation. Our professional assessors can even help you to book and prepare for your certification audits. To safeguard your business, use Lawyer Checker’s comprehensive products and services to arm you and your law firm with the right tools and information to be able to obtain the assurances you need to act in the best interests of your clients. Key contacts: Heidi Jenkins Key Relationship Manager at the Practical Vision Network including Lawyer Checker, Solve Legal Marketing and The Move Exchange. M: 0330 052 7588 E: heidi.jenkins@practicalvision.co.uk Mark Siwiec Business Development Manager (Cyber) at the Practical Vision Network including Lawyer Checker, Solve Legal Marketing and The Move Exchange. M: 03300529150 E: mark.siwiec@practicalvision.co.uk Address Suite 4, Wright House, 67 High Street, Tarporley, Cheshire, CW6 0DP