We’ve seen too many partners having to endure it. The awful realisation that digital criminals are inside your firm, stealing and encrypting confidential personal and business information and using it to blackmail you.
You know for sure that your business is going to be severely damaged, and you’re going to have to explain yourself to the SRA, ICO and your clients.
To help you avoid this, here are our top 10 areas that law firms need to address to stop ransomware.
Read the full article from Mitigo here.
1. Anti-Virus (AV) software.
AV is the software application that is designed to stop malicious software getting a foot hold on your devices and to prevent bad actors (hackers) from taking control of your systems.
2. Email security filters.
Email platforms have filters that check incoming emails for malicious software, dodgy links and if they came from an untrusted origin.
3. Web browsing controls.
These controls are designed to stop or warn users they are about to visit a dangerous or fraudulent website.
4. Security patching.
Software providers like Microsoft or Google (Chrome) issue regular software updates that patch (fix) known vulnerabilities.
5. Least privilege.
Every user on your system is assigned privileges that define what they can control, run, and amend.
6. Remote authentication.
When working at a non-work location (e.g. at home) how do you tell business systems who you are and how do they authenticate that?
7. Test and scan externally facing assets.
Tests and scans of firewalls, domain addresses, login pages and IP addresses will check for vulnerabilities and gaps in your security defences.
8. Review access management.
This relates to the documents, files, and folders that your system allows individuals to access.
9. Alerting and incident response.
The controls and administration of your IT systems have alerts that warn you something is not right.
10. Back-up.
This is the process by which your business takes a copy of the systems, applications, and documents for use in an emergency.
There is of course more to do, but if you do this top 10 well, it will dramatically reduce your risk.
Read the full article from Mitigo here.
We have partnered with Mitigo to offer cybersecurity risk management services to our members. Find out more about Mitigo’s Cybersecurity Services or call 0208 191 1592 or email tsp@mitigogroup.com.