Law Firms Must Continue To “Do The Basics” When It Comes To Security
Jen Williams, Chief Information Officer at Lawyer Checker, has shared some of her own experience of the impact of Covid-19 on her and the business.
Speaking to Today’s Conveyancer, she warns practitioners of the realities of fraudsters preying on the uncertainty and potential communications breakdowns within law firms.
While methodologies and infiltration techniques are increasingly sophisticated, phishing attacks and password compromise are still the main ways a criminal will get into a firm.
For Jen Williams, firms should be on higher alert in the current climate as Coronavirus provides “relevance and context” to phishing communications. Attackers will use the current challenges to send communications which purport to be about, for example, health and safety updates, remote working protocols or coronavirus procedures.
In the interview, Jen Williams also warns firms about how they are communicating with the outside world, with out-of-office replies for furloughed staff on her radar:
“Out of office essentially advertising to the rest of the world that you are… not monitoring your emails”
Asked what law firm leaders need to be asking of their staff, she explained that the Coronavirus crisis has put many businesses under huge pressure, with senior staff taking on many front-line roles in the absence of furloughed colleagues.
As a result, security has not been at the forefront of efforts; now is the time to refocus. Law firm leaders need to be asking their IT managers and outsourced providers:
- Are operating systems being updated and security patches applied?
- If so, how often are patches and antivirus updates applied?
- Are staff downloading approved software?
- Is there an asset register, and can remote devices like laptops be managed remotely?
- Bring your own device is a concern while staff are not office based.
In much the same way accounts and files are audited, law firm leaders should consider undertaking an audit of the IT infrastructure with options including vulnerability scanning, imitation phishing tests and penetration testing.
Critical for Jen is encouraging a top-down security culture in which all staff must receive training and take a proactive approach to security:
“Firms need to have a culture whereby if somebody does click on a link… (staff) must feel that they can go for help… that really helps me out because that minimises the time that a criminal potentially has access to our systems.”
And when ransomware attacks can take seconds to lock down an entire infrastructure, time is a commodity organisations can ill afford to waste.