*/
As the summer melts away, and the red glow of the setting sun fuses into the reddening leaves of autumn, thoughts turn to preparation. Like farmers gathering the harvest to prepare for winter, at the Bar, holiday homes, villas and chateaus, apartments and cottages, beaches and festivals are left behind. And the matters of the Michaelmas term brought to the forefront of the mind to be readied.
But progress never stops. And the law never sleeps. And while the blissful break of the long hot summer was a welcome relief from wet weather days and spring showers, litigation has continued. What documents have been exchanged? What applications filed and served? While cocktails and mocktails of all kinds were consumed, what advancement in case management has been missed.
Thankfully, because Chambers has the most up-to-date case management systems, nothing.
And if your chambers does not have the most up-to-date case management system, and your clerks are currently chasing the poor paralegal who was the only person unable to have a holiday, then this article will prepare you for next year, as we consider the seven best case management systems on the market:
Please note that these are listed alphabetically and not ranked in order. Different case management software might be better or best depending upon on an individual’s practice and existing infrastructure. What is consistent, though, is that case management software properly applied can reduce the practical burden on barristers.
On 31 May 2023, Progress Software, a US-based software developer, reported to regulators that hackers had found a way to infiltrate its MOVEit transfer tool. MOVEit software is utilised to transfer sensitive data securely, and crucially was used by UK payroll company Zellis, who provide payroll services to, inter alia, the BBC, British Airways, Air Lingus and Boots. An update patch was immediately released by Progress Software. However, on 5 June 2023, the BBC reported that consumer and staff data at these four companies had been compromised as a result of the MOVEit hack. Brett Callow, an analyst at cybersecurity firm Emisisoft described this supply chain cyber-attack as: ‘Potentially one of the most significant breaches of recent years.’
And the warnings have been there:* Counsel may have been a little early with regard to threats in 2022, but recent articles have focused on the prevention of supply chain attacks. (See ‘Avoid supply chain cyber attack’, Counsel, December 2022 and ‘Your guide to the information security questionnaire’, Counsel, August 2022.)
If you are subject to a supply chain attack DON’T PANIC. Prevention is better than cure and the advice provided in previous articles remains good. However, if your chambers has failed to complete the Questionnaire, or arrange for staff training, and is now subject to a breach, the following three points may help:
Unusually in the case of the MOVEit hack, CLOP, the Russian speaking group allegedly responsible for the hack, asked those subject to the breach to contact them rather than sending out ransom demands. Charles Carmakal, Chief Technology Officer at Mandiant Consulting, suggested on CNN that this was because the speed and range of the breach was so great that CLOP was ‘overwhelmed’ and could not keep up to contact individual companies.
Whether or not you pay a ransom following a supply chain attack is ultimately a commercial decision. However, paying ransoms will encourage attacks. Further, the CLOP threat was for contact and payment before 14 June 2023 otherwise data would be published on the dark web. While publication is reputationally embarrassing, and may undermine individual’s security, visibility of information published on the dark web is, appropriately for nomenclature, poor. The extent to which data will actually be seen is limited.
While visibility of data published on the dark web is poor, utility is far more dazzling. Pieces of data on the dark web, coupled with phishing techniques and social engineering can be used in secondary attacks, and can be used for years to come.
Many people at the Bar will have flown BA or shopped at Boots, and the information gleaned from these companies can be used to generate emails, messages and notifications which look very real. Be wary! If you are being asked for information pause and consider whether the request is genuine. If there is any doubt seek verification from the individual or company requesting the information, ideally using a different device and/or medium from the one that you received contact.
Never provide your log-in details to another regardless of the apparent authority or authenticity of the request. Your log-in details are your details! Like the keys to your house or car, do not give these to someone unless you trust them implicitly not to ransack your house or crash your car.
Avoid clicking links on messages. Official messages relating to ‘resetting passwords’ or ‘scanning devices’ utilise the fear generated from a cyber-attack to gain information in a secondary attack.
The repercussions from the MOVEit hack will be felt for many years to come. The information is out there and hackers will seek to utilise the data. Thankfully, most systems now need multi-factorial authentication. But the data which has been captured and released as a result of the MOVEit hack will overcome some of these hurdles, and bring hackers closer to their goal. Efforts should be made to make it as difficult for them as possible.
As the summer melts away, and the red glow of the setting sun fuses into the reddening leaves of autumn, thoughts turn to preparation. Like farmers gathering the harvest to prepare for winter, at the Bar, holiday homes, villas and chateaus, apartments and cottages, beaches and festivals are left behind. And the matters of the Michaelmas term brought to the forefront of the mind to be readied.
But progress never stops. And the law never sleeps. And while the blissful break of the long hot summer was a welcome relief from wet weather days and spring showers, litigation has continued. What documents have been exchanged? What applications filed and served? While cocktails and mocktails of all kinds were consumed, what advancement in case management has been missed.
Thankfully, because Chambers has the most up-to-date case management systems, nothing.
And if your chambers does not have the most up-to-date case management system, and your clerks are currently chasing the poor paralegal who was the only person unable to have a holiday, then this article will prepare you for next year, as we consider the seven best case management systems on the market:
Please note that these are listed alphabetically and not ranked in order. Different case management software might be better or best depending upon on an individual’s practice and existing infrastructure. What is consistent, though, is that case management software properly applied can reduce the practical burden on barristers.
On 31 May 2023, Progress Software, a US-based software developer, reported to regulators that hackers had found a way to infiltrate its MOVEit transfer tool. MOVEit software is utilised to transfer sensitive data securely, and crucially was used by UK payroll company Zellis, who provide payroll services to, inter alia, the BBC, British Airways, Air Lingus and Boots. An update patch was immediately released by Progress Software. However, on 5 June 2023, the BBC reported that consumer and staff data at these four companies had been compromised as a result of the MOVEit hack. Brett Callow, an analyst at cybersecurity firm Emisisoft described this supply chain cyber-attack as: ‘Potentially one of the most significant breaches of recent years.’
And the warnings have been there:* Counsel may have been a little early with regard to threats in 2022, but recent articles have focused on the prevention of supply chain attacks. (See ‘Avoid supply chain cyber attack’, Counsel, December 2022 and ‘Your guide to the information security questionnaire’, Counsel, August 2022.)
If you are subject to a supply chain attack DON’T PANIC. Prevention is better than cure and the advice provided in previous articles remains good. However, if your chambers has failed to complete the Questionnaire, or arrange for staff training, and is now subject to a breach, the following three points may help:
Unusually in the case of the MOVEit hack, CLOP, the Russian speaking group allegedly responsible for the hack, asked those subject to the breach to contact them rather than sending out ransom demands. Charles Carmakal, Chief Technology Officer at Mandiant Consulting, suggested on CNN that this was because the speed and range of the breach was so great that CLOP was ‘overwhelmed’ and could not keep up to contact individual companies.
Whether or not you pay a ransom following a supply chain attack is ultimately a commercial decision. However, paying ransoms will encourage attacks. Further, the CLOP threat was for contact and payment before 14 June 2023 otherwise data would be published on the dark web. While publication is reputationally embarrassing, and may undermine individual’s security, visibility of information published on the dark web is, appropriately for nomenclature, poor. The extent to which data will actually be seen is limited.
While visibility of data published on the dark web is poor, utility is far more dazzling. Pieces of data on the dark web, coupled with phishing techniques and social engineering can be used in secondary attacks, and can be used for years to come.
Many people at the Bar will have flown BA or shopped at Boots, and the information gleaned from these companies can be used to generate emails, messages and notifications which look very real. Be wary! If you are being asked for information pause and consider whether the request is genuine. If there is any doubt seek verification from the individual or company requesting the information, ideally using a different device and/or medium from the one that you received contact.
Never provide your log-in details to another regardless of the apparent authority or authenticity of the request. Your log-in details are your details! Like the keys to your house or car, do not give these to someone unless you trust them implicitly not to ransack your house or crash your car.
Avoid clicking links on messages. Official messages relating to ‘resetting passwords’ or ‘scanning devices’ utilise the fear generated from a cyber-attack to gain information in a secondary attack.
The repercussions from the MOVEit hack will be felt for many years to come. The information is out there and hackers will seek to utilise the data. Thankfully, most systems now need multi-factorial authentication. But the data which has been captured and released as a result of the MOVEit hack will overcome some of these hurdles, and bring hackers closer to their goal. Efforts should be made to make it as difficult for them as possible.
Our call for sufficient resources for the justice system and for the Bar to scrutinise the BSB’s latest consultation
Marie Law, Head of Toxicology at AlphaBiolabs, discusses alcohol testing for the Family Court
Louise Crush of Westgate Wealth explains how to make sure you are investing suitably, and in your long-term interests
In conversation with Matthew Bland, Lincoln’s Inn Library
Millicent Wild of 5 Essex Chambers describes her pupillage experience
Louise Crush of Westgate Wealth explores some key steps to take when starting out as a barrister in order to secure your financial future
From a traumatic formative education to exceptional criminal silk – Laurie-Anne Power KC talks about her path to the Bar, pursuit of equality and speaking out against discrimination (not just during Black History Month)
Inspiring and diverse candidates are being sought for the Attorney General’s Regional A, B and C Panels - recruitment closes at noon on 10 October 2024
Expectations, experiences and survival tips – some of the things I wished I had known (or applied) when I was starting pupillage. By Chelsea Brooke-Ward
If you are in/about to start pupillage, you will soon be facing the pupillage stage assessment in professional ethics. Jane Hutton and Patrick Ryan outline exam format and tactics
In a two-part opinion series, James Onalaja considers the International Criminal Court Prosecutor’s requests for arrest warrants in the controversial Israel-Palestine situation