What Should An IT Department Do In Relation To Cyber Security?

UK law firms are now starting to realise that responsibility for cyber security doesn’t just lie within the IT team, and that technical controls alone can’t protect a business from today’s attacks.

I often see the phrase ‘cyber security is a people issue not an IT issue’. It’s true that this needs to be a shared responsibility, but there are some basic things that you should expect your technical team to do to minimise the risks.

Know your infrastructure

It takes an average of 206 days to detect a cyber attack.

This means that a successful intrusion into your network goes undetected for a significant length of time. Your IT team should know normal patterns of behaviour for your network.

The only way to do this is to get to know the heartbeat of your infrastructure.
Early detection of unusual traffic patterns, such as connections from overseas IPs or unusually large data transfers, could help to spot a breach early and minimise the damage, but this is only possible if your team know what normal behaviour is.

The same applies to users.

Whilst user monitoring is often a controversial issue, it’s always advisable to know your users’ regular login times, email volumes and so on. Anomalies here could highlight the work of a malicious insider or a user whose credentials have been compromised.
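To make the idea of a baseline concrete, here is an added example (not part of the original article) that learns each user's usual login hours, source countries and outbound data volume, then lists why a new event deviates. The event format, user name, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def build_baseline(events):
    """Summarise each user's normal login hours, countries and outbound volume."""
    per_user = defaultdict(lambda: {"hours": [], "countries": set(), "bytes": []})
    for ts, user, country, sent in events:
        entry = per_user[user]
        entry["hours"].append(datetime.fromisoformat(ts).hour)
        entry["countries"].add(country)
        entry["bytes"].append(sent)
    return per_user

def score_event(baseline, event, z_limit=3.0, hour_slack=2):
    """Return the reasons an event deviates from that user's baseline."""
    ts, user, country, sent = event
    if user not in baseline:
        return ["no baseline for user"]
    b, reasons = baseline[user], []
    hour = datetime.fromisoformat(ts).hour
    # Simplification: hours are treated as a plain range, with no wrap past midnight.
    if not min(b["hours"]) - hour_slack <= hour <= max(b["hours"]) + hour_slack:
        reasons.append("login outside usual hours")
    if country not in b["countries"]:
        reasons.append("new source country")
    mu, sigma = mean(b["bytes"]), pstdev(b["bytes"])
    # Floor the spread at 10% of the mean so very regular users do not alert on noise.
    if sent > mu + z_limit * max(sigma, 0.1 * mu):
        reasons.append("unusually large transfer")
    return reasons

# Constructed sample data: (timestamp, user, source country, bytes sent out).
_NORMAL_DAYS = [(4, 8, 40_000_000), (5, 9, 55_000_000), (6, 8, 47_000_000),
                (7, 9, 52_000_000), (8, 8, 45_000_000)]
HISTORY = [(f"2024-03-{day:02d}T{hour:02d}:15:00", "asmith", "GB", size)
           for day, hour, size in _NORMAL_DAYS]
NEW_EVENTS = [
    ("2024-03-11T09:05:00", "asmith", "GB", 50_000_000),
    ("2024-03-12T03:40:00", "asmith", "RO", 900_000_000),
]

def review(history, new_events):
    """Score every new event against the baseline built from history."""
    baseline = build_baseline(history)
    return [(event, score_event(baseline, event)) for event in new_events]

if __name__ == "__main__":
    for event, reasons in review(HISTORY, NEW_EVENTS):
        print(event[0], event[1], "; ".join(reasons) or "OK")
```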

Be smart with the Domain Name System (DNS)

Basic email security is essential. User training is crucial, but every IT department should have implemented basic DNS protections for your domain.

This should be a combination of SPF, DKIM and DMARC as a bare minimum. DMARC is recommended by the National Centre for Cyber Security and there are some really good tools around to help with config so there should be no excuses here.
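As an added example (not from the original article), the check below audits the SPF and DMARC TXT records a domain publishes and reports the common weak settings. The records are constructed samples for the placeholder domain example.com; in practice you would feed in the TXT records returned for your own domain and for its _dmarc name.

```python
import re

# SPF terms that each cost a DNS lookup; receivers give up after 10 of them.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"SPF: expected exactly one record, found {len(spf)}"]
    terms = [t.lstrip("+") for t in spf[0].lower().split()[1:]]
    findings = []
    lookups = sum(re.split(r"[:/=]", t.lstrip("-~?"))[0] in LOOKUP_TERMS for t in terms)
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS lookups exceeds the limit of 10")
    if "all" in terms or "?all" in terms:
        findings.append("SPF: final 'all' term passes or stays neutral for any sender")
    elif not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
        findings.append("SPF: no terminating 'all' or redirect")
    return findings

def audit_dmarc(txt_records):
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return [f"DMARC: expected exactly one record, found {len(dmarc)}"]
    tags, findings = parse_tags(dmarc[0]), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= policy")
    elif policy == "none":
        findings.append("DMARC: p=none is monitoring only, failures are not quarantined or rejected")
    if tags.get("pct", "100") != "100":
        findings.append("DMARC: pct below 100 applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings

# Constructed sample records (not real DNS data).
WEAK = {"spf": ["v=spf1 include:_spf.example.net ip4:192.0.2.10 ?all"],
        "dmarc": ["v=DMARC1; p=none; pct=50"]}
GOOD = {"spf": ["v=spf1 include:_spf.example.net -all"],
        "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}

def audit_domain(records):
    return audit_spf(records["spf"]) + audit_dmarc(records["dmarc"])

if __name__ == "__main__":
    print("\n".join(audit_domain(WEAK)) or "no findings")
```

DKIM is left out because checking a DKIM key requires knowing the selector name your mail provider signs with.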

Patch

Patching is one of the most basic, if not the most basic, yet most vital protections.

The WannaCry ransomware attack of 2017 spread so rapidly due to unpatched operating systems. Under no circumstances should a firm be using legacy systems that are unsupported by the vendor.

Make sure your team are applying patches as soon as they are released and keeping logs of when systems and software are patched.

It’s especially important to regularly patch particularly vulnerable software such as Adobe, Java and WordPress.

On 14th January 2020, Microsoft announced that it would no longer be providing technical support for its outdated operating platform Windows 7. Two final patches were issued at the end of January, but the system now lies vulnerable, as no further updates are said to be planned. Upgrading your operating platform to a newer version will prevent this issue from becoming a problem.

Say no

I have lost count of the number of times that I’m asked to provide temporary admin access, make an exception to a control for the benefit of speed etc.

Access control processes are there for a reason. If they are often bypassed, they become not worth the paper they’re written on and can leave a firm open to attacks through elevated permissions.

These incidents need not be malicious; they may simply be the result of a careless action by an employee.

Keep up to date

IT departments should keep up to date with industry and global cyber security trends.

I would expect my team to be familiar with the latest attacks and to make recommendations to prevent similar ones happening to us.

Although this research and reading takes time, it’s a worthy investment.

Join our upcoming webinar

Cyber Essentials is a scheme set up by the UK Government that aids businesses in protecting themselves from common threats to their cyber security. Certification comes in two forms: Cyber Essentials and Cyber Essentials PLUS. In this short webinar we will explore the certifications in more detail and look at the benefits to your business.

Written by Jennifer Williams, Head of IT and Security Specialist at the Practical Vision Network, which includes Lawyer Checker.

This article was submitted to be published by Lawyer Checker as part of their advertising agreement with Today’s Conveyancer. The views expressed in this article are those of the submitter and not those of Today’s Conveyancer.
