Interview With A Cyber Protect Professional About Legal Firm Security
Jennie Williams, a Cyber Protect Officer within the North West Regional Organised Crime Unit (NWROCU) talks openly about how legal firms can protect themselves from continuous cyber threats.
NWROCU has the responsibility of protecting the communities in the North West from serious organised crime, including Cyber Crime.
Jennie regularly talks to businesses and the public across the Region about the current cyber threat landscape, the UK Cyber Strategy, and cases the Regional Cyber Crime team have worked on. She provides common sense advice around what businesses and the public can do to protect themselves against a cyber attack.
A recent global report has found there are fewer data breaches and leaks in comparison to a year earlier, however, the statistics indicate that there are still over 6,000 incidents reported globally in 2018.
It is estimated that nearly three in five organisations in the UK have suffered a possible breach of security, with hackers ever vigilant, targeting the weak links within businesses.
With this in mind, the Government has pledged to invest £70 million in a bid to protect businesses and individuals from cyber attacks – the threat is real on UK legal firms!
In her interview, Jennie talks about the different types of cyber crime, the main threats, how they can be prevented and recommends measures you need to put in place.
What are the different types of cyber crime?
We categorise cyber crime in two ways:
- Cyber Dependant – These are crimes that can only be committed with the use of a computer or network e.g. Hacking, Malware, DDOS, Trojans & Botnets etc.
- Cyber Enable – Traditional crimes that have just been made easier with the use of a computer e.g. Fraud, Bullying, Sexual Offences, Drugs etc.
How can cyber threats be prevented?
Through education, working together and making sure we talk about the threats and are aware of them, simple things like taking 5 before clicking on links or responding to things you may have doubts on. (https://takefive-stopfraud.org.uk/). The government states if we all ensure we have strong passwords and do our system updates then the majority of cybercrime will be prevented (https://www.cyberaware.gov.uk/).
What are the main cyber threats we will be facing in 2019?
For businesses, the main threats continue to be from Phishing, Ransomware, DDOS attacks and the biggest one I feel is the insider threat. We all know why a criminal wants to attack us – to steal our money, intellectual property etc. – but it’s us who are the biggest risk – the human error, criminals know when to target us – Monday mornings, Friday afternoons – we are the ones that will potentially click on links, connect to public WiFi and not understand the risks. This is why it is so important to educate staff, friends, and family so we can all work together in combating this ever-growing cyber risk – you can’t protect over things you don’t know about!
Once you have become a victim of a cyber attack, what advice or steps would you take?
Report it to Action Fraud, even if you haven’t been a victim but you feel something suspicious has happened please still report it so action fraud can send out alerts on trends to help warn others. (https://www.actionfraud.police.uk/)
What advice would you give to law firms to protect themselves from cyber crime e.g phishing, email modification fraud, malware, CEO fraud, and identity fraud
Keep themselves up to date with the latest cyber threats, educate and talk to their staff about the risks, we see so many businesses who cannot recover from a cyber attack and the business goes under which means staff could lose their jobs, I don’t think staff sometimes realise the big implications it can have on them which is why it is so important to make them aware of what the threats are and if they do make a mistake what they need to do to get it sorted ASAP.
The Cyber Information Sharing Partnership is a great way to keep businesses updated with the latest threats. It’s basically like a social media platform for businesses to share information/ guidance and threats that they have seen within their business to help others protect theirs. It is quite ‘techy’ but we have a North West Group on the platform which has numerous large and small businesses in and they are only too happy to help those who need further advice and guidance. https://www.ncsc.gov.uk/cisp
What advice would you give to law firms who are thinking about undergoing some form of formal certification/accreditation for their firms? Are there particular standards that you would recommend?
Cyber Essentials Scheme helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security here.
What should a law firm include in their Cyber Security Policy plans? What technologies have you seen which could help prevent cyber crime?
The National Cyber Security Centre who is a part of GCHQ have devised lots of free advice and guidance from Small Business on how to improve cyber security within your organisation – quickly, easily and at low cost. They have produced guides and infographics that can put organisations on the right path on securing themselves here.
The 10 Steps to Cyber Security is also a great resource for businesses to follow here.