Skip to main content

Beware of cyber criminals who are preying on legal aid providers

Posted by: , Posted on: - Categories: legal aid agency

In an uncertain world, organisations need to be fully equipped to counter online attacks, writes Scott C* from the National Cyber Security Centre.

Red security alarm

Ransomware attacks are a huge risk for law firms, which have already suffered from online criminals. This includes legal aid providers. The sector is an attractive target for cyber attacks because law firms:

  • hold sensitive client information
  • handle significant funds
  • are involved in important commercial and business transactions

What are the risks?

Findings show the most significant cyber threats law firms face include phishing, ransomware, data breaches and attacks on your supply chain. Your supply chain will include many organisations, people, resources and activities. Any part of this complex network can be singled out by criminals looking for ways to compromise your data and systems.

What could happen?

Hostile actors have a range of tactics for accessing an organisation’s network. Phishing emails, or malware to extract sensitive company data, are among the favoured approaches. Another way is to drop destructive ransomware on to the network, before attempting a so called ‘double extortion’ against the victim. This happens when online data is both stolen and encrypted.

Man on mountain embracing world enveloped in digital net of creativity

What should we do?

We encourage organisations to mitigate the threat by:

  • introducing a password policy with multi-factor authentication (MFA)
  • implementing a proper patching regime
  • backing up your data securely

Where can I find out more?

A webinar giving you the opportunity to meet experts from both the National Cyber Security Centre (NCSC) and the Ministry of Justice is taking place on Wednesday 25 January 2023, 4pm to 5pm. It is now open for bookings.

This is your opportunity to learn more and ask questions about the essentials of cyber security and how to protect yourself online:

Ransomware and cyber security webinar

We also have a wide range of resources on the NCSC website, which you can use to protect your organisation from attack.

You can sign up to receive cyber security updates, weekly ‘threat’ reports and news about events and webinars from our subscription centre. You can opt out any time.

Help from the NCSC

National Cyber Security Centre – to access a wealth of cyber security resources

NCSC subscription centre – sign up for cyber security updates

Malware or ransomware defences – practical steps to take

Early warning service – sign up for this free NCSC cyber attack alert service

Exercise in a box – free online tool to help organisations test resilience to cyber attacks

Defending against email phishing –building resilience to phishing attacks

Three random words for passwords – explaining the logic behind this approach to creating passwords

Cyber Information Sharing Platform – joint industry and government initiative for secure exchange of cyber threat informatio


Contact support

Contact NCSC – general enquiries, feedback and information requests

Report a cyber incident – NCSC’s streamlined service guides businesses and organisations to the most appropriate agency for reporting a cyber incident

Report scam emails, texts, websites and calls – guidance on what to do

* Full names of individuals working for the NCSC need to be protected for security reasons

Sharing and comments

Share this page

Leave a comment

We only ask for your email address so we know you're a real person

By submitting a comment you understand it may be published on this public website. Please read our privacy notice to see how the GOV.UK blogging platform handles your information.