We are used to seeing ransomware threats against big businesses in the news, but cyber criminals are always on the lookout for the low hanging fruit to get to sensitive data which data owners would pay to retrieve.
Recently they appear to be targeting barristers chambers. Clients usually vet their supply chain for cyber weakness, but these attacks are forcing the bars to review the security of their own instructed barristers, especially when individual cases are particularly sensitive or carry high monetary value.
Recent breaches that took place at 4 New Square and 3VB in June and July, which led the chambers in question to pursue one course of legal action and an internal investigation, respectively.
The Bar Council said the attacks ‘should act as a wake-up call for everyone to check the security of their information networks and that their critical business interruption plans are up to date and effective. This is particularly the case where so many barristers continue to work from home. It is not only chambers’ systems but home systems which are vulnerable to attack.’
At the start of lockdown, the Solicitors Regulation Authority warned of the risks of homeworking to cyber security, publishing extensive guidance for firms. However, a survey of 3,500 companies by software provider Access Legal found that over 40% of practices have not fully updated their cyber security policies since moving to remote working in March last year.
Many solicitors’ firms believe that because they have an IT company providing support that they have adequate protection, however IT support is not the same thing as cyber resilience. IT professionals can implement new technology to help an organisation grow including improving communications and facilitating sharing of information, while cyber security is about protecting electronic data, with safeguards against network intrusions.
The ECRC provides guidance to businesses in the Eastern region with the aim to increase their cyber resilience. Our free membership gives businesses a weekly email about one specific aspect of cyber resilience that you may want to consider implementing, as well as a monthly newsletter about the key trends within the region.
For those wishing to up the level of financial investment into cyber security, the ECRC also offers additional, affordable solutions through our student services department which is led by top university talent who are supported by seasoned cyber experts.
Internal vulnerability assessment - our team will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.
Corporate internet investigation - this service focusses on providing a comprehensive review of publicly available information about an organisation that might have been shared by employees or to see if there are any damaging news stories or social media posts. Information gained from this type of activity may also be used by cyber criminals during early preparation stages of a cyber-attack.
If you’d like to know more about how to protect your business or to speak with us about other cyber security services we offer, please drop us a line to arrange a 30-minute chat.