Helping law firms to protect their data
Personal data is a valuable asset. In the wrong hands, it can be used by threat actors to facilitate fraud, money laundering, and other similar offences.
Law firms are just one of many corporate entities that deal with Personally Identifiable Information (PII), particularly those dealing with probate, conveyancing, and tax.
Since the introduction of GDPR in the UK in 2018, stricter rules are in place to govern the use, storage and security applied to PII. Of note:
- Article 5(1)(f) requires personal data to be processed securely
- Article 32(1)(b) requires appropriate measures to be in place to ensure a level of security appropriate to the risk and ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Threat actors are constantly looking for new and novel ways to infiltrate computer networks, whether this be for financial gain, political motivations, or espionage. While best efforts can, and should, be taken to mitigate and prevent these intrusions, it is a fact of life that they will occur.
It is the remit of the Information Commissioner’s Office (ICO) to investigate incidents where data loss has occurred and determine whether suitable protections were in place by the victim organisation to attempt to prevent this loss.
ARE YOU A LAW FIRM?
BOOK A DEMO NOWIn January 2021, a law firm in northern England was subject to an intrusion of their network, resulting in the fraudulent transfer of funds belonging to a customer. The intrusion came about by way of a spear-phishing attack against an employee which garnered credentials allowing the threat actor to access and compromise the network. Following an investigation, the firm was found to have insufficient security in place to mitigate this threat, such as multi-factor authentication (MFA). Additionally, their security requirements were ill-defined with their IT supplier, resulting in a failure to properly monitor and audit user accounts.
Thankfully in this instance, the “dwell time” was significantly reduced by the firm’s bank identifying the fraudulent transactions. This resulted in a password change on the affected account within four days of the initial breach, thereby removing the threat actor’s network access. This won’t always be the case though.
Getting hacked is something you don’t worry about until it happens to you which is why SOS Intelligence is here to help. We can help legal firms overcome the challenge of cyber threats by alerting you when there has been a breach or you are at risk.
Simply put this shows diligence with your data and your client’s data.
We have achieved impressive success with our clients and have recently graduated from the National Cyber Security Centre startup initiative.
For threat actors, legal firms hold a treasure trove of data that they can use for criminal activities such as financial fraud, extortion, or even just crude doxxing.
Defensive security measures like proper data storage and encryption are a must for any legal firm, but these measures can only go so far. To take your security to the next level proactive measures are needed.
With the ever-increasing threat of companies and organisations being subject to a cyber-incident, SOS Intelligence allows you to sleep easier at night.