secure email image

Private Schools and Parents Face Cyber Threat

Private schools and parents face cyber threat as cybercriminals are always seeking new targets, digital security for education should not be ignored. Organisations receiving large payments, and with poorly secured IT systems are a treasure trove for hackers. Their latest campaign attacks private schools, with the aim of tricking parents into paying thousands of pounds of school fees to fraudsters’ accounts. Cybersecurity for the education sector needs to be taken seriously.

Digital Security for Education

Unfortunately, many private schools lack adequate digital security. Cybercriminals are using phishing attacks to compromise school email systems to obtain parent’s data and contact details. A common tactic involves emailing parents to explain the school’s payment details have changed and issuing a new invoice with their own bank details. Parents who reply to the email for confirmation, risk emailing the hackers instead.

It has been reported that one parent with three children at an independent school paid £70,000 to hackers after being offered a 10 per cent “early bird” discount.

“These emails can seem very real,” says Colin Tankard, Digital Pathway’s Managing Director, “And, while the private school sector seems to be the latest target of these fraudsters, they are certainly not the first or will be the last.

“Always hover your cursor over the URL and check that the address is correct.  Sometimes it may differ by one digit or letter, so vigilance is key”, he adds.

Schools and parents who find themselves the victim of these attacks are unlikely to recover their money. Payment by bank transfer is not protected, and few schools have taken out cyber insurance. For the few that have, only 38 percent of policies cover this type of crime.

Cybersecurity Training

Staff need to receive ongoing training to help them identify phishing scams that enable hackers to gain access to their systems.

Also, schools need to act quickly to ensure they are protecting the personal data they store and process. On 25th May 2018, the General Data Protection Regulations (GDPR) will replace the Data Protection Act. Failure to protect their systems from unauthorised access could see independent schools hit with colossal fines.

Compliance requires preparation, including auditing what information is held, and where, assessing threats, training staff, and updating policies and systems.

In light of the current email scam, independent schools should use a GDPR-compliant secure email service. Utilising end-to-end encryption, messages are protected from unauthorised access and e-mails rendered trusted and binding. Hackers are unable to decrypt the information being passed between the organisation and individuals. This restores confidence in email communications, knowing messages have come from a trusted source and are being sent to the intended recipient.

Our secure email service turns regular email into secure electronic communication. It is convenient, integrating with existing email solutions, and makes regular email compliant with GDPR.

With schools holding large amounts of sensitive and personal data, independent school fees attracting cybercriminals, and the imminent arrival of GDPR, it is essential schools invest in their digital security to protect themselves, their students and parents.

For advice and support with protecting your organisation from cybersecurity threats, contact us on 0844 586 0040 or email [email protected].

General Data Protection Regulation

GDPR: Is Your Law Firm in the 75%?

Cybersecurity for Your Law Firm

In November 2017, it was reported that 75% of UK law firms aren’t ready for the General Data Protection Regulation (GDPR). With less than three months to go until the compliance deadline of 25th May 2018, it is more important than ever for law firms to be prepared.

The legal sector is already highly regulated, with firms needing to comply with money laundering obligations, for instance. However, we have encountered some firms who believe this degree of regulation means they will already comply with GDPR. This isn’t true. Compliance with GDPR requires its own preparation, auditing, and changes to systems and policies surrounding the processing and storing of personal data.

General Data Protection Regulation (GDPR)

GDPR places greater responsibility on organisations to review third-party agreements for compliance too. Depending on your current processes and use of third parties, this could take significant time and resource.

As a firm, you must decide if you need to appoint a Data Protection Officer, based on criteria specified in the incoming legislation, as well as reviewing (or in some cases, implementing) your data protection policy, data breach notification procedure, subject access request forms and procedures, data protection impact assessments, and consent forms.

If you aren’t sure where to begin, the Law Society is collating guidance and support to help law firms prepare for GDPR.

Cybersecurity remains as important under GDPR as it is under the current data protection framework. The legal sector is an especially attractive target for cybercriminals seeking the sensitive data and significant funds held by law firms. Alarmingly, 62% of law firms reportedly suffered a cybersecurity incident last year.

Here are three ways you can protect your law firm from cybersecurity attacks:

Cyber Training for your Law Firm staff

Every member of your firm is responsible for protecting your data. This is why it is essential to educate your staff through cybersecurity training. From spotting attempted social engineering attacks, to understanding the risk posed in finding an unidentified USB, being able to identify risks and threats could prevent a successful attack against your firm.

Secure email

Standard email is not a secure option for law firms. Unencrypted emails travel through servers located all over the world. Anyone who intercepts these communications will have access to the information being sent.

Law firms are especially likely to send emails containing sensitive information. Secure email is essential for the legal sector and has come a very long way, offering both security and convenience. Our trusted partner provides an encrypted email service that protects messages from unauthorised access and renders e-mail trusted and binding, making ordinary email compliant with GDPR.

Secure file sharing for your Law Firm

The legal sector relies on document sharing. A secure file sharing system will protect your important documents and the sensitive data you hold. Cloud services such as Dropbox and OneDrive do not encrypt your documents, leaving you vulnerable to an attack on the cloud storage provider or access requests by government authorities. Through our partnerships, we also offer a secure file sharing solution. Utilising end-to-end encryption and anonymised key management via a trusted third party, all data is securely stored within the UK.

Would you like to discuss GDPR or cybersecurity for your law firm? We’d be happy to help. Contact us on 0844 586 0040 or email [email protected].



Law book & hammer, cybersecurity for law firms

Client Data: Is Your Law Firm the Weakest Point in the Cyber Security Chain?

Financial Fraud is big business for cybercriminals

During 2016, 73 out of 100 top UK law firms were targeted by hackers. Meanwhile, many smaller firms mistakenly believe they are too small or niche to attract the interest of cybercriminals. As a law firm, the information you store and process is highly valuable. By aggressively targeting law firms, hackers seek to steal sensitive information, such as commercial secrets, intellectual property, personal information, mergers and acquisitions, and market strategies. This is why you are and will continue to be the target of cyber-attacks and potential financial fraud.

Cybersecurity issues for law firms

Unfortunately, several high-profile breaches indicate that the legal sector has a cybersecurity problem. This is something cybercriminals are acutely aware of and seek to exploit. The issue is global, affecting firms all over the world. The revelation of the Panama Papers, for instance, was the result of a single cyber attack against Mossack Fonseca, a small Panamanian law firm. It is the largest data breach in history. Read more

IOT network image

Internet of Things: Balancing Benefits and Risks in the Workplace

Internet of things: Benefits and Risks

The benefits of IoT. A recent survey of over 1000 buyers of IT across Europe and North America showed that 29% of companies have already embraced IoT, with an additional 19% planning to adopt IoT within their organisation over the next year. By the end of 2018, these figures suggest IoT will be adopted by nearly half of all businesses.

The benefits of IoT are already being seen in the home, with smart thermostats and smart speakers becoming commonplace over the last year.

Naturally, IoT brings infinite potential and possibilities for businesses, with everyday devices able to connect, monitor, and transfer large amounts of data between each other. Read more