Why Encryption is the Baseline Solution That Every Company Should Have

Major cyber breaches are consistently hitting the headlines, with successful attacks causing lasting damage to brands and costing businesses in excess of an estimated $400 billion a year.

Perimeter security, such as firewalls and anti-virus software, is no longer enough to protect against increasingly frequent and sophisticated attacks. Should perimeter security be breached, a hacker can have unopposed access to privileged data from within the network.

What is GDPR? And How Will It Affect The Legal Sector?

If you have been paying attention, it is likely that you will have heard murmurs about the upcoming changes to the way that personal data will be protected in Britain. You may even have heard us outline some of these changes ourselves in our blog ‘How will the changes brought in by GDPR affect your business?’. For almost 20 years, we have relied on the Data Protection Act to be our sole regulatory legislation for the responsible processing of personal information. On the 25th May 2018, this will change.

The EU’s General Data Protection Regulation (GDPR) is a set of compliance regulations that organisations and businesses will be obligated to adhere to. This robust, much stricter set of rules will be the benchmark for companies to meet when processing data, in order to avoid the fines that incompetence, and ignorance, will claim. Despite the huge changes that GDPR is promising for UK businesses, there still seems to be a certain amount of unawareness across the country, nowhere more so than in the Legal Sector.

Why are cyber-attacks on the increase in the Legal Sector?

Statistics from PwC’s 25th annual Law Firms Survey show that cyber-attacks on law firms in the UK increased by nearly 20% between 2014-15 and 2015-16, with 73% of the top 100 law firms being targeted by cyber-attacks.

Given the wealth of sensitive information it holds, it is easy to see why the legal sector is an attractive target for cyber criminals and hacktivists.

With the rise in cyber-attacks on the legal sector showing no signs of abating in 2017, it is more crucial than ever to ensure you are fully protected against this kind of threat.

Law firms are being attacked – Are you prepared?

Threats to cyber security are a concern for every industry and business. However, the legal sector remains an especially attractive target due to the wealth of sensitive information held by law firms.

Patent data, merger and acquisition information, negotiation information, and protected witness information are just some examples of sensitive commercial data and intellectual property that are highly desirable to cyber criminals, hacktivists, and state-sponsored parties.

It is easy to see why legal firms are rich with opportunity for these groups.

How will the changes brought in by GDPR affect your business?

In the UK, the Data Protection Act of 1998 has been the sole regulatory legislation that companies based here have had to comply with. An Act of Parliament, it was introduced to protect the personal data of British citizens, by outlining exactly what businesses must do when processing their information.

On the 25th May 2018, the Data Protection Act will be replaced by the EU General Data Protection Regulation (GDPR). This is a Europe-wide set of compliance obligations, rules that will again stipulate what must happen when an organisation handles and processes data. It is widely agreed that the GDPR is a far more robust set of regulations than what is currently in place, with the main changes in the areas of child consent, privacy by design and data breach notifications.

The Importance of Baseline Security

Understanding your company’s position in terms of digital security is vital to knowing whether you can and will be protected moving forward. Although having layers of security to protect you against the multitude of threats a company can face is preferable, there is a bare minimum standard that you should be aiming for.

That bare minimum would be a Gap Analysis of your current situation. This is a method of assessing the differences in performance between a business’ information systems or software applications, to determine whether business requirements are being met and, if not, what steps should be taken to ensure they are met successfully. The first step is always to understand the present and isolate the issues that must be addressed moving forward.

The Threat of Ex-employees in Digital Security

When we talk about the insider threat, and it is a topic that is very prominent in the digital security world at the moment, we tend to think of it in terms of rogue employees: people inside your business who are either actively looking to damage your organisation, or are simply naïve to the risks of what they are doing. At Digital Pathways, we would like to talk about the equal threat that ex-employees pose, or at least, how the accounts they leave behind can still cause damage.

How Ransomware Attacks Might Affect Smart Buildings

Ransomware has become a decidedly ‘trendy’ cyber-attack topic for the media to cover. We looked at it ourselves earlier this year too, in our post on ‘how to deal with ransomware’. In it, we discussed how this particular form of cybercrime can affect people, and what is at risk. We touched on the turmoil that hackers have caused in hospitals and schools, as well as how businesses should look to educate their staff on preventative measures.

The Potential Risks of the Internet of Things in our Homes

The emergence of the Internet of Things (IoT), and the dawning of the ‘Interconnected Home’, is set to revolutionise the way we live our lives.

Connectivity between Internet-enabled devices will allow for previously unthought-of communication, as physical objects perform actions that see them interact with their environment. The possibilities are vast, with electronic appliances in the home embedded with the same technology you would likely find in your phone, or even your car.

How Log Management Can Help You Protect Your Systems

Log management is an essential tool in the battle against cyber-crime. It might not be as glamorous as anti-malware software, or the use of honeypots, but it can be the single most important way of preventing a potential hack. It is effectively the gathering of information from your systems. Every PC and server you use will keep an audit of its activity, which gives you valuable insight into the behaviours of its users. You are able to track exactly who logged in at any given time, and where exactly they were accessing.