emailfacebookinstagrammenutwitterweiboyoutube

Hacking and ransomware attacks back in the spotlight

Effectively managing the security practices around cloud technology is crucial to keeping law firms safe amid international cyber warfare, according to Nick Hayne, head of professional services at Quiss.

Nick Hayne, head of professional services|Quiss|

With the world concentrating on the pandemic, mandate lifting and the likely impact, cyber-crime appeared to have taken a backseat, sliding down the awareness scale. But the quickly evolving situation on Ukraine’s borders has again raised the spectre of cyber crime and its impact.

A White House briefing on 18 Feb, blamed Russian state actors for a sustained distributed denial-of-service (DDoS) attack against Ukraine, which brought chaos to bank and government websites – no doubt intended to spread fear amongst citizens.

This report followed quickly on the heels of an alert from the US Cybersecurity and Infrastructure Agency (CISA) on 16 Feb. It claimed Russian hackers had in recent years targeted security-cleared US defence contractors to steal sensitive information on weapons, aircraft design and combat communications systems  – the reasons are now perhaps becoming clear.

Risks closer to home

Despite the news focussing on hackers targeting Ukraine, the risk to UK law firms will remain closer to home and shows little sign of lessening, despite the ongoing migration to the cloud, which for many was sold as the panacea for all ills.

But cloud migration will not magically improve workloads, or the processes around them – including security, which is often the last thing a business wants to address because it slows everything down.

Everyone knows they should implement multi-factor authentication (MFA) for important things like bank accounts, but most perceive the extra identity confirmation step as time-consuming and annoying. The cloud is no different. Despite the technology, humans still manage it.

Research shows that 48% of organisations have not enabled MFA on their most privileged account – the root user – with 27% operating in contravention of cloud best practice by using this account for administrative tasks and leaving themselves open to attack.

Identity and access management (IAM) is one of the most critical aspects of cloud security and new, processes must be developed, with IAM roles associated only with specific tasks and excluding extra permissions. As always, educating users about the risks will be key to protecting corporate Clouds.

Cyberattacks will look for the weaknesses wherever they exist in private or public clouds and must now be accepted as the price we pay to do business in a connected world. But, as technology continually develops and evolves, so to do the attack methods of cyber-criminals.

Ensuring your systems meet the standards recommended by UK’s National Cyber Security Centre’s ‘10 Steps to Cyber Security’ is the first step in protecting your firm. Whether you can meet every requirement immediately or not, it’s just important to do something, as the hackers are out there and ready to take your business down until you pay the ransom

It’s that simple and if you need any advice, even if it’s just how to implement multi-factor authentication (MFA), then please get in touch and don’t be the law firm that becomes a cautionary tale for others that have not acted.

LPM Conference 2025

The LPM annual conference is the market-leading event for management leaders in SME law firms

Sound adjustment

As hybrid work reshapes office life, sound has become an unexpected challenge — fluctuating noise levels, open layouts, and varying workplace density can disrupt focus and productivity. How can business leaders create environments that support all their people's needs?