On Monday 15th May 2017, Xperience hosted an educational cyber security seminar at The Law Society of Northern Ireland. During the event, Xperience educated legal professionals on the risks of cybercrime, providing advice on security best practice.
Cybercrime: Modern Day Kidnap
In the connected world we now live in, therefore, the prospect of a cyber-attack on your business is inevitable. Quite simply put, it’s not a case of ‘if’ an attack will happen, it’s ‘when’. This was the stark message presented to members of The Law Society on Monday. The event gathered a full house, not surprising considering the large scale ‘WannaCry’ attack which hit the NHS just days before.
Patrick Leggett, Group Director at Xperience and Warren Mercer, Technical Lead at Cisco delivered the workshop and the panel discussion, which followed. Here we look at the top questions put to the panel:
Q. Can you protect 100% from a cyber-attack?
A. Patrick comments, “The straight forward answer to this question is no. While you can have best in class preventative measures in place, there is always the factor of human error to consider. Cybercriminals are becoming increasingly sophisticated, so scams aren’t always entirely obvious, and can be easily mistook as genuine.”
Warren adds, “Malvertising is on the rise. For those of you who don’t know, Malvertising is the use of online advertising to spread malware. It involves inserting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. It’s hard to distinguish which ones are legitimate, so it’s essential that all staff within your firms have an ad-blocker installed when browsing the web”.
Q. What can firms do to prevent a cyberattack?
A. Patrick comments, “All firms should start by testing what they currently have in place – that way inefficiencies can be easily identified. From there, it is devising a strategy which covers back-ups, disaster recovery and business continuity.”
Warren continues “Day-to-day, there are steps you can take to reduce the risk of an attack:
- If you are not expecting an email from someone, don’t open the attachment or click on a link, delete it straight away and flag it with you IT manager.
- Install an ad-blocker, as you cannot be sure which ads are genuine.
- Don’t put any sensitive information such as your company email address onto social media sites like LinkedIn. While it can be good for networking, it’s also a primary source for hackers when looking for inside information.”
Q. Is the Cloud safer than on-premise?
A. Patrick explains, “Quite simply put, the security measures offered by Cloud are completely unmatched by an on-premise solution. Being in the cloud often increases security due to the extensive physical and electronic security measures employed.
Warren adds, “Cybercrime is unfortunately one of the biggest risks to firms today, so whilst counter measures are available, staff education is essential to help protect your organisation from the latest threats, such as phishing and Ransomware attacks”.
Q. How can we educate our staff on what to look out for?
A. Patrick says, “Staff education is key and it’s worth creating a knowledge hub where you can share insights on the latest scams. Hold an internal event, or even better send your staff to external educational seminars like this, where they can learn about what to look out for first hand, from the experts.”
It was widely agreed that cybercrime is a huge challenge faced by legal firms, but the key is to remember that prevention is better than cure!