*/
By Alexander Sverdlov
A quick Google search for ‘law firm hacked’ reveals more than 5 million search results of articles and news stories on law firms becoming victims of cybercriminals in the past few years.
Unlike most chambers, many of these law firms will have cybersecurity departments, well-equipped IT departments, large budgets, the fanciest defence software and yet somehow still managed to lose control over their data.
When a breach happens, hackers often stay in the compromised network for months – sometimes years. The ‘average’ detection time is beyond 6 months, but you and I know that ‘average’ could mean 1 day, or 10 years. This causes direct and indirect damage to your clients and employees, your reputation and finances, not to mention the possibility of extortion and the ‘unknown unknowns’.
Can you definitely say – and this question is particularly pertinent when members of chambers and staff are working remotely – that no unauthorized code ran on their computers last week? Did anyone access a compromised website, thus exposing you all to malicious code? Did any malicious code bypass your antivirus program and if it did, what did it do after that? Did it send any confidential documents over an encrypted channel to a server in China? If so, how many documents were lost? Did the hacker then move on to other computers in the same network?
I am a firm believer that sound security architecture will trump any commercial security software and product. If you have well designed and tuned IT infrastructure, you will be head and shoulders above the mass of chambers who only depend on basic security controls provided by their IT support firm. Achieving that, you will have a competitive advantage – and every little bit helps!
The first and likely most important task when designing a chambers’ defences is to step back and look at all the major software elements in it.
Are you using a document management system and a filing system? Are they tightly integrated into your email and collaboration systems?
A weakness or a vulnerability in any IT system could lead to a security breach in all of them.
A chain is only as strong as its weakest link!
And a chambers is only as resistant to a hacking attack as its least protected IT system.
Unfortunately, antivirus and firewalls are weak and unreliable against hackers – they are straightforward to bypass and present no challenge.
What helps:
Vulnerability management has to become a part of your IT management strategy. If you can’t answer the question ‘how many vulnerabilities did you have last month and are they fewer this month,’ then how can you even be sure that you haven’t already been hacked?
Vulnerability management as a process should be a part of a more sophisticated approach. Hackers have had decades to hone their skills and breach methods. If all you are using to protect chambers against trained hackers is a firewall and an antivirus, it is time to upgrade.
Some examples of processes that need to be in place for your chambers to be secure:
As the founder of Atlant Security, I can help you establish a solid foundation of defending client data and funds against cyberattacks. If you want to get started on a journey to turn your chambers into a fortress, get in touch!
Alexander Sverdlov is the founder of Atlant Security. He has written extensively on ‘Building a Cyber Fortress’ and ‘Protecting from Hacking Attacks’, is a regular speaker at cybersecurity conferences and helps companies worldwide with their cybersecurity defences: www.atlantsecurity.com
A quick Google search for ‘law firm hacked’ reveals more than 5 million search results of articles and news stories on law firms becoming victims of cybercriminals in the past few years.
Unlike most chambers, many of these law firms will have cybersecurity departments, well-equipped IT departments, large budgets, the fanciest defence software and yet somehow still managed to lose control over their data.
When a breach happens, hackers often stay in the compromised network for months – sometimes years. The ‘average’ detection time is beyond 6 months, but you and I know that ‘average’ could mean 1 day, or 10 years. This causes direct and indirect damage to your clients and employees, your reputation and finances, not to mention the possibility of extortion and the ‘unknown unknowns’.
Can you definitely say – and this question is particularly pertinent when members of chambers and staff are working remotely – that no unauthorized code ran on their computers last week? Did anyone access a compromised website, thus exposing you all to malicious code? Did any malicious code bypass your antivirus program and if it did, what did it do after that? Did it send any confidential documents over an encrypted channel to a server in China? If so, how many documents were lost? Did the hacker then move on to other computers in the same network?
I am a firm believer that sound security architecture will trump any commercial security software and product. If you have well designed and tuned IT infrastructure, you will be head and shoulders above the mass of chambers who only depend on basic security controls provided by their IT support firm. Achieving that, you will have a competitive advantage – and every little bit helps!
The first and likely most important task when designing a chambers’ defences is to step back and look at all the major software elements in it.
Are you using a document management system and a filing system? Are they tightly integrated into your email and collaboration systems?
A weakness or a vulnerability in any IT system could lead to a security breach in all of them.
A chain is only as strong as its weakest link!
And a chambers is only as resistant to a hacking attack as its least protected IT system.
Unfortunately, antivirus and firewalls are weak and unreliable against hackers – they are straightforward to bypass and present no challenge.
What helps:
Vulnerability management has to become a part of your IT management strategy. If you can’t answer the question ‘how many vulnerabilities did you have last month and are they fewer this month,’ then how can you even be sure that you haven’t already been hacked?
Vulnerability management as a process should be a part of a more sophisticated approach. Hackers have had decades to hone their skills and breach methods. If all you are using to protect chambers against trained hackers is a firewall and an antivirus, it is time to upgrade.
Some examples of processes that need to be in place for your chambers to be secure:
As the founder of Atlant Security, I can help you establish a solid foundation of defending client data and funds against cyberattacks. If you want to get started on a journey to turn your chambers into a fortress, get in touch!
By Alexander Sverdlov
On both fronts – representing the Bar’s interests and protecting the rule of law
Kate West discusses how best to interpret a drug test report, and the common misconceptions about what can be learnt from a drug test
Ashley Hodgkinson looks at drug testing methods and some of the most common ways people try to cheat a drug test
Clerksroom Chambers has recruited Matthew Wildish from 3 Paper Buildings (3PB) to a newly created position of Director of Clerking. Matthew joined the team at Clerksroom on 1 June
... have you seen through yours? asks Julian Morgan
Opportunity for female sopranos/contraltos in secondary education, or who have recently finished secondary education but have not yet begun tertiary education. Eligibility includes children of members of the Bar
Clerksroom Chambers has recruited Matthew Wildish from 3 Paper Buildings (3PB) to a newly created position of Director of Clerking. Matthew joined the team at Clerksroom on 1 June
In this tale of hope, success really has been the best revenge! A difficult journey teaches Rehana Azib QC invaluable lessons along the way
The Chief Inspector of the CPS knows first-hand the difficulties prosecutors face but is no pushover. He talks to Anthony Inglese CB about Operation Soteria, putting victims and cooperation at the heart of criminal justice reform, and his unique and life-changing career prosecuting the crime of all crimes, genocide
This article is not designed to offend the Judiciary but the quiet word has only taken us so far it is time concerns were recorded formally, says the first set to introduce an external bullying policy By Eleanor Laws QC, Oliver Mosley and Kyan Pucks
Having represented many Davids against many Goliaths over a 30+year career at the publicly funded Bar, renowned silk Professor Leslie Thomas QC critically assesses what the Human Rights Act currently under challenge has done for coronial law and equality of arms
