Poor Password Protection Leaves Legal Sector Vulnerable To Data Breaches
Millions of people across the globe continue to use hackable passwords, underestimating the importance of creating a unique password to protect themselves, their business and clients from cyber criminality.
The inaugural UK Cyber Survey, released by the National Cyber Security Centre (NCSC), has found that over 23 million people are still using ‘123456’ as their main password protecting their data from unscrupulous cyber criminals.
Incredibly, 7.7 million additional password users have opted for ‘123456789’ as their main password defence. The analysis of the 100,000 most commonly recurring passwords highlights the increased vulnerabilities to a law firm’s security if an ordinary password is used.
In the UK alone, the names of Premier League teams like Liverpool, Chelsea, Arsenal, Manchester United and Everton are used as the main password by around 800,000 users. Whilst this is dangerous for a personal account, the cyber report highlights that fewer than half of respondents use a strong, separate password for their accounts, potentially placing a law firm’s security at risk.
The NCSC emphasised that millions of commonly used passwords are pwned (sold) on the dark web and harvested by cyber criminals. These harvested lists are then used to break into a user’s account or to move within a network of less well-defended systems.
Overall, only 15% of respondents felt they had a comprehensive understanding of how to protect themselves from harmful activity.
An anxious 42% of respondents feared that a lack of understanding of effective cyber hygiene would be a determining factor in their being exploited financially by 2021.
As more businesses move towards flexible and remote working patterns, it was alarming that a third of users fail to apply PINs and passwords on their mobile phones and tablets; any work-related activity completed through these devices could therefore become vulnerable as a result.
Dr Ian Levy, NCSC Technical Director, said:
“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable.
“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.
“Using hard to guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”
Margot James, DCMS’ Digital and Creative Industries Minister, said:
“Cyber security is a serious issue, but there are some simple actions everyone can take to better protect against hackers.
“We shouldn’t make their lives easy so choosing a strong and separate password for your email account is a great practical step.
“Cyber breaches can cause huge financial and emotional heartache through theft or loss of data which we should all endeavour to prevent.”
David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said:
“Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work.”
Troy Hunt, International Web Security Expert, said:
“Making good password choices is the single biggest control consumers have over their own personal security posture.
“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them.
“Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”
Whilst many law firms and businesses are beginning to increase their knowledge of cyber security and improve their defence budgets to reflect the increased risk, it is concerning that poor understanding and human error could potentially leave your clients exposed to ruthless cyber criminality.
Are your employees adequately trained in effective cyber hygiene and security? Do you ensure that your passwords are robust, individualised, unique and free from variations that have been sold on the dark web?