In an uncertain world, organisations need to be fully equipped to counter online attacks, writes Scott C* from the National Cyber Security Centre.
Ransomware attacks are a huge risk for law firms, which have already suffered from online criminals. This includes legal aid providers. The sector is an attractive target for cyber attacks because law firms:
- hold sensitive client information
- handle significant funds
- are involved in important commercial and business transactions
What are the risks?
Findings show the most significant cyber threats law firms face include phishing, ransomware, data breaches and attacks on your supply chain. Your supply chain will include many organisations, people, resources and activities. Any part of this complex network can be singled out by criminals looking for ways to compromise your data and systems.
What could happen?
Hostile actors have a range of tactics for accessing an organisation’s network. Phishing emails, or malware to extract sensitive company data, are among the favoured approaches. Another way is to drop destructive ransomware on to the network, before attempting a so called ‘double extortion’ against the victim. This happens when online data is both stolen and encrypted.
What should we do?
We encourage organisations to mitigate the threat by:
- introducing a password policy with multi-factor authentication (MFA)
- implementing a proper patching regime
- backing up your data securely
Where can I find out more?
A webinar giving you the opportunity to meet experts from both the National Cyber Security Centre (NCSC) and the Ministry of Justice is taking place on Wednesday 25 January 2023, 4pm to 5pm. It is now open for bookings.
This is your opportunity to learn more and ask questions about the essentials of cyber security and how to protect yourself online:
Ransomware and cyber security webinar
We also have a wide range of resources on the NCSC website, which you can use to protect your organisation from attack.
You can sign up to receive cyber security updates, weekly ‘threat’ reports and news about events and webinars from our subscription centre. You can opt out any time.
Help from the NCSC
National Cyber Security Centre – to access a wealth of cyber security resources
NCSC subscription centre – sign up for cyber security updates
Malware or ransomware defences – practical steps to take
Early warning service – sign up for this free NCSC cyber attack alert service
Exercise in a box – free online tool to help organisations test resilience to cyber attacks
Defending against email phishing –building resilience to phishing attacks
Three random words for passwords – explaining the logic behind this approach to creating passwords
Cyber Information Sharing Platform – joint industry and government initiative for secure exchange of cyber threat informatio
Contact NCSC – general enquiries, feedback and information requests
Report a cyber incident – NCSC’s streamlined service guides businesses and organisations to the most appropriate agency for reporting a cyber incident
Report scam emails, texts, websites and calls – guidance on what to do
* Full names of individuals working for the NCSC need to be protected for security reasons
Leave a comment