Between July and September 2019, there were nearly 5,000 attacks made on the Australian legal profession.
Yet, because cyber attacks leave little physical evidence, most people were unaware of the crime.
As reported by Mimecast’s Threat Intelligence Report, “The legal sector attacks are highly likely to have been organised criminal groups attempting to compromise their intended targets for monetary gain, given the access to significant funds which the sector is perceived to have.”
On top of this, the Australian Cyber Security Centre’s (ACSC) regular small business survey recently showed that 25% of small and medium businesses have experienced a cyber crime.
Most firms are aware of the risks of cyber attacks. In fact, Pitcher Partners Legal Firm Survey 2019 showed that 88% of respondents see cybersecurity as a risk for their firm.
Yet, with all the risk and awareness, there aren’t many straight-talking guides on how to help protect your firm – put simply, many people don’t know if the locks on the doors are any good (or if they even have locks).
The following eight tips are designed to help your firm dramatically reduce the risk of a data breach – with tasks ranging from a quick educational conversation to re-engineering how you store your data.
As with physical security, some is better than none. But the more your firm can do, the lower your risk of falling prey to a costly cyber attack.
Educating your firm about social engineering
The most common form of hacking is ‘social engineering’.
This is defined as the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. In particular, staff are susceptible to providing their passwords to individuals (via email and phone) who claim to be their IT support.
Staff should be reminded to be very wary of these sorts of password requests, and to pass any such request to the IT support service provider for checking.
Password management tools
In today’s online world we have to manage many different passwords for different online systems.
An online password management system allows you to store your passwords in a secure location and populates your frequently accessed websites with the correct password via a secure web browser extension.
No more keeping your passwords in text files or spreadsheets (or on pieces of paper). Or having the same password for every account.
Antivirus, Antimalware, AntiRansomware
To secure your data you need to secure every device that accesses it – from PC to phone and tablet.
Many firms are now using fully-managed PC security services which monitor and proactively maintain PC security protocols including Windows operating system patching, AntiVirus, AntiRansomware and Firewall management. It’s like having a security guard rather than just a security alarm and is the same price as business-grade AntiVirus.
Two Factor Authentication (2FA)
Once strong passwords are in place and managed through a password management system, two-factor authentication (often shortened to 2FA) ‘double-checks’ you’re really ‘you’ when you log into accounts such as banking, email or social media.
With 2FA, you need to provide two things when you log into secure websites – such as your password and a code sent to your mobile device or your fingerprint.
An often overlooked security hole – the WiFi access to your modem/router needs to be password protected. The password also needs to be changed on a regular basis, particularly when staff members leave your employment. WiFi networks from your office router can often be reached from outside the office (for example in your office car park).
Multiple Encrypted Backups
There is an old saying in IT – ‘you can never have too many backups’. Data should be backed up multiple times, to multiple locations using multiple systems.
However, when you do back up your data it should always be encrypted (password protected) so that if it does fall into the wrong hands it will be much more difficult for the data to be accessed.
Australian based data storage and backups
Storing data online means that your data is stored ‘somewhere’ on the planet.
Storing your data in an Australian data centre provides a number of benefits, including the data being subject to Australia’s legislation – meaning you’ll be complying with most professional organisations’ standards and the data is far less likely to be accessed by inappropriate third parties.
When looking to host your data “in the cloud” or backing up your data online it is very important to ensure the data is stored in Australia (at all times).
Virtual Private Servers
One ‘fix all’ solution many firms are turning to is the Virtual Private Server (VPS). Full disclosure: Habitat3 runs a Virtual Private Server.
A VPS provides many of the previous security benefits in one fell swoop. It is a virtualized version of the typical Microsoft server you may use in your office today, but it is located within a secure data centre environment and managed 24/7 by trained professionals.
Staff log into the VPS to use your software and access your data, but the data never leaves the data centre. Traditionally, this option was only available to large enterprises. However, over the last decade, new technologies have made VPS available to the smallest of firms.
A VPS has a number of security benefits when compared with running a server in your office or using web-based “cloud” software.
- Physical security – a VPS prevents unauthorized physical access to your data, and protects it from dangers like fires, floods or power surges
- Network security – a VPS is protected from unauthorised external access from the internet, and all Antivirus, Antimalware and AntiRansomware tools are maintained for you
- Data Ownership – using a VPS means you maintain control and ownership of your data at all times
- Managed encrypted backups – Each server and its data is encrypted and backed up to protect against disaster or unintended changes. Each server is also backed up to a second data centre (you can never have too many backups)
- Australian Privacy Law – Keeping data within Australia at all times means your data remains within the Australian jurisdiction
- Security Maintenance – VPS receives constant preventative maintenance
- Cyber Insurance – VPS providers maintain high levels of insurance to ensure that if security measures fail they are able to compensate clients
As we move into a new decade with new threats, it’s worth evaluating your risk and deciding what steps your firm needs to take to protect its clients, its reputation and its livelihood. I hope these tips have been helpful in understanding what’s available.
About the Author
Habitat3 is a hosting company many professional services firms are using for their VPS hosting. Habitat3 has been operating for more than 15 years and is focused on providing the highest quality server hosting services.