Private Schools and Parents Face Cyber Threat

Cybercriminals are always seeking new targets. Organisations receiving large payments, and with poorly secured IT systems are a treasure trove for hackers. Their latest campaign attacks private schools, with the aim of tricking parents into paying thousands of pounds of school fees to fraudsters’ accounts.

Unfortunately, many private schools lack adequate digital security. Cybercriminals are using phishing attacks to compromise school email systems to obtain parent’s data and contact details. A common tactic involves emailing parents to explain the school’s payment details have changed, and issuing a new invoice with their own bank details. Parents who reply to the email for confirmation, risk emailing the hackers instead.

It has been reported that one parent with three children at an independent school paid £70,000 to hackers after being offered a 10 per cent “early bird” discount.

“These emails can seem very real” says Colin Tankard, Digital Pathway’s Managing Director, “And, whilst the private school sector seems to be the latest target of these fraudsters, they are certainly not the first or will be the last.

“Always hover your cursor over the URL and check that the address is correct.  Sometimes it may differ by one digit or letter, so vigilance is key”, he adds.

Schools and parents who find themselves the victim of these attacks are unlikely to recover their money. Payment by bank transfer is not protected, and few schools have taken out cyber insurance. For the few that have, only 38 percent of policies cover this type of crime.

Staff need to receive ongoing training to help them identify phishing scams that enable hackers to gain access to their systems.

In addition, schools need to act quickly to ensure they are protecting the personal data they store and process. On 25th May 2018, the General Data Protection Regulations (GDPR) will replace the Data Protection Act. Failure to protect their systems from unauthorised access could see independent schools hit with colossal fines.

Compliance requires preparation, including auditing what information is held, and where, assessing threats, training staff, and updating policies and systems.

In light of the current email scam, independent schools should use a GDPR-compliant secure email service. Utilising end-to-end encryption, messages are protected from unauthorised access and e-mails rendered trusted and binding. Hackers are unable to decrypt the information being passed between the organisation and individuals. This restores confidence in email communications, knowing messages have come from a trusted source and are being sent to the intended recipient.

Our secure email service turns regular email into secure electronic communication. It is convenient, integrating with existing email solutions, and makes regular email compliant with GDPR.

With schools holding large amounts of sensitive and personal data, independent school fees attracting cyber criminals, and the imminent arrival of GDPR, it is essential schools invest in their digital security to protect themselves, their students and parents.

For advice and support with protecting your organisation from cyber security threats, contact us on 0844 586 0040 or email intouch@digitalpathways.co.uk.

 

 

 

 

GDPR: Is Your Law Firm in the 75%?

In November 2017, it was reported that 75% of UK law firms aren’t ready for the General Data Protection Regulation (GDPR). With less than three months to go until the compliance deadline of 25th May 2018, it is more important than ever for law firms to be prepared.

The legal sector is already highly regulated, with firms needing to comply with money laundering obligations, for instance. However, we have encountered some firms who believe this degree of regulation means they will already comply with GDPR. This isn’t true. Compliance with GDPR requires its own preparation, auditing, and changes to systems and policies surrounding the processing and storing of personal data.

GDPR places greater responsibility on organisations to review third party agreements for compliance too. Depending on your current processes and use of third parties, this could take significant time and resource.

As a firm, you must decide if you need to appoint a Data Protection Officer, based on criteria specified in the incoming legislation, as well as reviewing (or in some cases, implementing) your data protection policy, data breach notification procedure, subject access request forms and procedures, data protection impact assessments, and consent forms.

If you aren’t sure where to begin, the Law Society is collating guidance and support to help law firms prepare for GDPR.

Cybersecurity remains as important under GDPR as it is under the current data protection framework. The legal sector is an especially attractive target for cybercriminals seeking the sensitive data and significant funds held by law firms. Alarmingly, 62% of law firms reportedly suffered a cybersecurity incident last year.

Here are three ways you can protect your law firm from cybersecurity attacks:

Cyber training for staff

Every member of your firm is responsible for protecting your data. This is why it is essential to educate your staff through cybersecurity training. From spotting attempted social engineering attacks, to understanding the risk posed in finding an unidentified USB, being able to identify risks and threats could prevent a successful attack against your firm.

Secure email

Standard email is not a secure option for law firms. Unencrypted emails travel through servers located all over the world. Anyone who intercepts these communications will have access to the information being sent.

Law firms are especially likely to send emails containing sensitive information. Secure email is essential for the legal sector, and has come a very long way, offering both security and convenience. Our trusted partner, Regify, provides an encrypted email service that protects messages from unauthorised access and renders e-mail trusted and binding, making ordinary email compliant with GDPR.

Secure file sharing

The legal sector relies on document sharing. A secure file sharing system will protect your important documents and the sensitive data you hold. Cloud services such as Dropbox and OneDrive do not encrypt your documents, leaving you vulnerable to an attack on the cloud storage provider or access requests by government authorities. Through our partnership with Regify, we also offer a secure file sharing solution. Utilising end-to-end encryption and anonymised key management via a trusted third party, all data is securely stored within the UK.

Would you like to discuss GDPR or cybersecurity for your law firm? We’d be happy to help. Contact us on 0844 586 0040 or email intouch@digitalpathways.co.uk.

 

 

Client Data: Is Your Law Firm the Weakest Point in the Cyber Security Chain?

During 2016, 73 out of 100 top UK law firms were targeted by hackers. Meanwhile, many smaller firms mistakenly believe they are too small or niche to attract the interest of cybercriminals. As a law firm, the information you store and process is highly valuable. By aggressively targeting law firms, hackers seek to steal sensitive information, such as commercial secrets, intellectual property, personal information, mergers and acquisitions, and market strategies. This is why you are and will continue to be the target of cyber-attacks.

Unfortunately, several high-profile breaches indicate that the legal sector has a cyber-security problem. This is something cybercriminals are acutely aware of and seek to exploit. The issue is global, affecting firms all over the world. The revelation of the Panama Papers, for instance, was the result of a single cyberattack against Mossack Fonseca, a small Panamanian law firm. It is the largest data breach in history. Read more

Internet of Things: Balancing Benefits and Risks in the Workplace

A recent survey of over 1000 buyers of IT across Europe and North America showed that 29% of companies have already embraced IoT, with an additional 19% planning to adopt IoT within their organisation over the next year. By the end of 2018, these figures suggest IoT will be adopted by nearly half of all businesses.

The benefits of IoT are already being seen in the home, with smart thermostats and smart speakers becoming commonplace over the last year.

Naturally, IoT brings infinite potential and possibilities for businesses, with everyday devices able to connect, monitor, and transfer large amount of data between each other. Read more

Will we be haunted by Spectre and Meltdown for decades to come?

Fundamental vulnerabilities in modern devices: Will we be haunted by Spectre and Meltdown for decades to come?

2018 began with the alarming news that nearly every computer chip manufactured in the last 20 years contains basic security flaws. These flaws have been collectively named Spectre and Meltdown, and were discovered by security analysts at Google.

In contrast to malware and viruses, which affect software, these vulnerabilities are inbuilt into the hardware. The scale of the risk is unprecedented, as the flaws are not unique to one type of chipmaker or device. Instead, billions of devices, from desktop PCs to tablets and smartphones, are vulnerable. Read more

Could a Data Breach be the End for Your Business?

Building a business is hard work. To lose it all as a result of a data breach would be devastating.

Unfortunately, we recently learned of a SME who found themselves in this situation. Facing the threat of legal prosecution following a data breach, the company had no other option than to close its doors for good.

With the new and extensive EU General Data Protection Regulations (GDPR) coming into force in May 2018, there is a real risk we could see more smaller companies folding, unable to face the litigation and fines following a breach.

What is at stake?

On 25th May 2018, GDPR will replace the current Data Protection Act in the UK. These new regulations have been designed to give individuals greater control over what happens to their personal data when in the hands of organisations or businesses.

All businesses and organisations that store, manage, or process the personal data of EU citizens will be expected to comply with the new legislation.

Under GDPR, businesses will be more accountable for personal data breaches and data loss. Failing to understand your responsibilities could see your company facing a fine of up to 4% of your global, annual turnover, or €20,000,000, whichever is greater.

For SMEs, the ‘whichever is greater’ element of the new rules is the key phrase. It is easy to see how a smaller organisation would be unable to face this level of financial penalty, leaving them more vulnerable to collapse following a breach, than larger companies who might be more able to weather the impact of a fine.

Alarmingly, the Zurich SME Risk Index has suggested that many of the UK’s SME may be non-compliant on the GDPR implementation deadline. This isn’t a risk businesses can afford to take.

What can you do?

With less than 2 months left to prepare for GDPR, there is no time to waste. If you don’t fully understand the issue, finding out how the new regulations will work or what it will mean for your business and industry should be your first priority.

It is likely you will need to update your IT and privacy policies to ensure you are compliant. It is also vital that you communicate the new regulations and any changes to your policies to your staff.

If you don’t have the time to fully investigate and prepare, the best option is to work with an experienced cybersecurity company with a thorough understanding of GDPR.

At Digital Pathways, we have the expertise to audit your current systems and identify which elements are already in line with GDPR and what needs to change. We can ensure your company is compliant and ready for these new digital security regulations.

Don’t let a data breach be the end for your business. Contact us today on 0844 586 0040 or email intouch@digitalpathways.co.uk

3 Business Benefits of 2 Factor Authentication

Passwords are the weakest link in digital security. They can be guessed, captured by hackers logging keystrokes, or stolen by social engineering techniques. Additionally, individuals are often guilty of writing them down or using passwords that are easy to remember.

For businesses, this is bad news. Unauthorised users exploit the weak protection afforded by passwords to gain access to company data and systems. Whether it is personal data, intellectual property (IP), or research and development, all data has a value. This is what makes it an attractive target for cybercriminals.

Two factor authentication adds an extra layer of protection, strengthening digital security across your organisation. Read more

Secure Email: Simplified

Despite the clear benefits of secure email, organisations and individuals continue to send unencrypted emails around the world, risking their digital security and email privacy.

Relying on unencrypted email is the digital equivalent of sending a postcard in the mail. Before landing in your recipient’s inbox, regular email travels through servers all over the world. Anyone who intercepts this communication can read the content.

Law firms, healthcare professionals, and social services need to ensure email privacy to preserve their clients’ confidentiality. Organisations and businesses of all sizes need to protect their data and intellectual property, as well as that of their clients and employees. Individuals should also never send any information via regular email that they would not be willing to share publicly. Read more

How Can You Increase Your Wi-Fi Security? Here are a few simple ways…

Failure to implement basic Wi-Fi security practices is leaving organisations vulnerable to digital security threats, yet there are simple steps you can take to increase your protection.

Separating guest Wi-Fi access

Free guest Wi-Fi is no longer a perk, but an expectation. Whether customers are visiting the bank or barber, their local coffee shop, museum, or department store, they expect to be able to find an internet connection. The same is true for business meetings. If clients or business partners visit, it is very likely they will want to be able to access their emails, calendars, and cloud-based files from your offices.

Allowing anyone from outside your organisation to access your company’s private Wi-Fi is risky. Not only could viruses and malware reach your network from guests’ infected devices, it could also provide a hacker with a route in to your company’s vital information and systems. As Wi-Fi becomes more powerful, it broadcasts further. Someone who has accessed your Wi-Fi previously could automatically connect to your network weeks or months later, without even being in your building. Read more

Rethinking Cloud Storage Platforms for Business

In the rush to take advantage of the many benefits of cloud storage, organisations are failing to consider the legality and security of these solutions. Dropbox, OneDrive, BT Cloud, and Google Drive are used every day by millions of individuals and organisations around the world. However, entrusting the same third-party cloud storage provider with your holiday photos and your company’s intellectual property is often unwise. If you haven’t already, it is essential to stop and think about which platform is right for your data.

Location

Organisations must know exactly where their data will be physically stored.

One reason for this is because some data, such as personally identifiable information (originating from inside the EU), is subject to EU laws governing its storage and processing.

With the imminent arrival of the EU’s General Data Protection Regulations (GDPR) it has never been more important for your organisation to remain compliant when storing and transferring data. The regulations specify that personal data can only be transferred outside of the EU in compliance with the conditions for transfer. Fines for companies in breach of GDPR will be up to €20m or 4% of the organisations global annual turnover (whichever is greater). Getting this wrong could have serious and irrevocable consequences. Read more