Private Schools and Parents Face Cyber Threat

Cybercriminals are always seeking new targets. Organisations receiving large payments, and with poorly secured IT systems are a treasure trove for hackers. Their latest campaign attacks private schools, with the aim of tricking parents into paying thousands of pounds of school fees to fraudsters’ accounts.

Unfortunately, many private schools lack adequate digital security. Cybercriminals are using phishing attacks to compromise school email systems to obtain parent’s data and contact details. A common tactic involves emailing parents to explain the school’s payment details have changed, and issuing a new invoice with their own bank details. Parents who reply to the email for confirmation, risk emailing the hackers instead.

It has been reported that one parent with three children at an independent school paid £70,000 to hackers after being offered a 10 per cent “early bird” discount.

“These emails can seem very real” says Colin Tankard, Digital Pathway’s Managing Director, “And, whilst the private school sector seems to be the latest target of these fraudsters, they are certainly not the first or will be the last.

“Always hover your cursor over the URL and check that the address is correct.  Sometimes it may differ by one digit or letter, so vigilance is key”, he adds.

Schools and parents who find themselves the victim of these attacks are unlikely to recover their money. Payment by bank transfer is not protected, and few schools have taken out cyber insurance. For the few that have, only 38 percent of policies cover this type of crime.

Staff need to receive ongoing training to help them identify phishing scams that enable hackers to gain access to their systems.

In addition, schools need to act quickly to ensure they are protecting the personal data they store and process. On 25th May 2018, the General Data Protection Regulations (GDPR) will replace the Data Protection Act. Failure to protect their systems from unauthorised access could see independent schools hit with colossal fines.

Compliance requires preparation, including auditing what information is held, and where, assessing threats, training staff, and updating policies and systems.

In light of the current email scam, independent schools should use a GDPR-compliant secure email service. Utilising end-to-end encryption, messages are protected from unauthorised access and e-mails rendered trusted and binding. Hackers are unable to decrypt the information being passed between the organisation and individuals. This restores confidence in email communications, knowing messages have come from a trusted source and are being sent to the intended recipient.

Our secure email service turns regular email into secure electronic communication. It is convenient, integrating with existing email solutions, and makes regular email compliant with GDPR.

With schools holding large amounts of sensitive and personal data, independent school fees attracting cyber criminals, and the imminent arrival of GDPR, it is essential schools invest in their digital security to protect themselves, their students and parents.

For advice and support with protecting your organisation from cyber security threats, contact us on 0844 586 0040 or email intouch@digitalpathways.co.uk.

 

 

 

 

GDPR: Is Your Law Firm in the 75%?

In November 2017, it was reported that 75% of UK law firms aren’t ready for the General Data Protection Regulation (GDPR). With less than three months to go until the compliance deadline of 25th May 2018, it is more important than ever for law firms to be prepared.

The legal sector is already highly regulated, with firms needing to comply with money laundering obligations, for instance. However, we have encountered some firms who believe this degree of regulation means they will already comply with GDPR. This isn’t true. Compliance with GDPR requires its own preparation, auditing, and changes to systems and policies surrounding the processing and storing of personal data.

GDPR places greater responsibility on organisations to review third party agreements for compliance too. Depending on your current processes and use of third parties, this could take significant time and resource.

As a firm, you must decide if you need to appoint a Data Protection Officer, based on criteria specified in the incoming legislation, as well as reviewing (or in some cases, implementing) your data protection policy, data breach notification procedure, subject access request forms and procedures, data protection impact assessments, and consent forms.

If you aren’t sure where to begin, the Law Society is collating guidance and support to help law firms prepare for GDPR.

Cybersecurity remains as important under GDPR as it is under the current data protection framework. The legal sector is an especially attractive target for cybercriminals seeking the sensitive data and significant funds held by law firms. Alarmingly, 62% of law firms reportedly suffered a cybersecurity incident last year.

Here are three ways you can protect your law firm from cybersecurity attacks:

Cyber training for staff

Every member of your firm is responsible for protecting your data. This is why it is essential to educate your staff through cybersecurity training. From spotting attempted social engineering attacks, to understanding the risk posed in finding an unidentified USB, being able to identify risks and threats could prevent a successful attack against your firm.

Secure email

Standard email is not a secure option for law firms. Unencrypted emails travel through servers located all over the world. Anyone who intercepts these communications will have access to the information being sent.

Law firms are especially likely to send emails containing sensitive information. Secure email is essential for the legal sector, and has come a very long way, offering both security and convenience. Our trusted partner, Regify, provides an encrypted email service that protects messages from unauthorised access and renders e-mail trusted and binding, making ordinary email compliant with GDPR.

Secure file sharing

The legal sector relies on document sharing. A secure file sharing system will protect your important documents and the sensitive data you hold. Cloud services such as Dropbox and OneDrive do not encrypt your documents, leaving you vulnerable to an attack on the cloud storage provider or access requests by government authorities. Through our partnership with Regify, we also offer a secure file sharing solution. Utilising end-to-end encryption and anonymised key management via a trusted third party, all data is securely stored within the UK.

Would you like to discuss GDPR or cybersecurity for your law firm? We’d be happy to help. Contact us on 0844 586 0040 or email intouch@digitalpathways.co.uk.

 

 

Client Data: Is Your Law Firm the Weakest Point in the Cyber Security Chain?

During 2016, 73 out of 100 top UK law firms were targeted by hackers. Meanwhile, many smaller firms mistakenly believe they are too small or niche to attract the interest of cybercriminals. As a law firm, the information you store and process is highly valuable. By aggressively targeting law firms, hackers seek to steal sensitive information, such as commercial secrets, intellectual property, personal information, mergers and acquisitions, and market strategies. This is why you are and will continue to be the target of cyber-attacks.

Unfortunately, several high-profile breaches indicate that the legal sector has a cyber-security problem. This is something cybercriminals are acutely aware of and seek to exploit. The issue is global, affecting firms all over the world. The revelation of the Panama Papers, for instance, was the result of a single cyberattack against Mossack Fonseca, a small Panamanian law firm. It is the largest data breach in history. Read more

Defend at all costs!

Legal sector must ‘step up a gear’ in Cyber technology.

Hackers view the legal sector, which tends to store and process critical and invaluable information, as a potential weak point in the cyber security chain and are constantly pursuing different ways to access legal organisations, both large and small. It is high time that the business of law makes cyber security its absolute priority to ensure its present and future is well – protected from the ruthless criminals out there ready to attack at every given opportunity. It is time the legal industry brought these cyber criminals to justice.

Read the full article in Intercontinental Finance & Law here on Page 21

 

How to keep a hacker out of your computer: The security of your data is vital – use our guide to stay safe

In the wake of the meltdown at TSB and the harvesting of personal information from Facebook, people are increasingly nervous about managing their finances online.

Here, The Mail on Sunday looks at how safe our data is and what we can do to protect ourselves from scams and fraudsters.

ACT ON NEW DATA PROTECTION LAW

A shake-up of data protection rules is being introduced this month aimed at changing the way companies handle personal information given to them.

Under a new ‘general data protection regulation’, it should be easier to control how our details are shared. This includes financial facts – such as where we bank, our account numbers and sort codes.

To read the full article in the Mail on Sunday

Internet of Things: Balancing Benefits and Risks in the Workplace

A recent survey of over 1000 buyers of IT across Europe and North America showed that 29% of companies have already embraced IoT, with an additional 19% planning to adopt IoT within their organisation over the next year. By the end of 2018, these figures suggest IoT will be adopted by nearly half of all businesses.

The benefits of IoT are already being seen in the home, with smart thermostats and smart speakers becoming commonplace over the last year.

Naturally, IoT brings infinite potential and possibilities for businesses, with everyday devices able to connect, monitor, and transfer large amount of data between each other. Read more

Cyber Security Company of the Year – Digital Pathways: Securing your data

Business and Industry Today is extremely proud to present Digital Pathways with our Cyber Security Solutions Company of the Year Award.
Established in 1996 by Managing Director, Colin Tankard, Digital Pathways is reputable for their award-winning and ground-breaking data security solutions that help businesses improve and protect their digital assets. Grounded in Harlow, Essex, Digital Pathways has over 20 years in the cybersecurity arena and work with some of the largest blue chip names across Europe. They specialise in encryption which is the foundation technology across all legislation, regulations and good
security practice.
Read the full article on page 32 here

Finalists announced for the Information Age Data Leadership Awards 2018

Another proud day in the life of Digital Pathways. Our Managing Director, Colin Tankard has been shortlisted as a finalist in the Information Age Data Leadership awards 2018.

The Data Leaders Awards honour the people at the forefront of data – those transforming organisations and enhancing decision-making through its use, managing and controlling its proliferating growth, and driving new business value.

The awards, organised by Information Age, brings together hundreds of Britain’s top data leaders to honour the industry’s leading players across 12 categories. The shortlist was announced on the 1st May, ahead of the awards ceremony at London Hilton Bankside on 24 May.

To find out the full list of finalists please click here