Law firms have been subjected to cybercrime attacks and need high preparedness
Sydney Kanda – Cybercrime continues to increase and Kiwi businesses need to protect themselves against the cyber criminals and hackers who are targeting businesses’ data.
Sydney also recommends business owners consider investing in cyber insurance to provide peace of mind that in the event a cyber security breach does occur – they are protected and the costs associated with managing the breach are covered.
MAS Cyber Insurance provides cover for all kinds of costs associated with a cyber security breach. These include the cost of public relations advice required to deal with the fallout of a public data breach, or the cost of data forensic experts to examine, analyse and secure a computer network.
Ten tips to protect your business from cybercrime
1. Keep software updated
Hackers look for weaknesses in software that can provide a way into computer systems. Software creators are constantly reviewing their systems and updating them to remove the weakness as soon as they find them. Businesses need to ensure their software is updated as soon as these updates are made available, otherwise they risk using a system with vulnerabilities that can be taken advantage of.
2. Remove default services you don’t need
New smartphones and computers come with a range of default services already installed. The more apps and services you have on your device, the more opportunities there are for hackers to access your systems. Remove any unused services and apps to minimise the risk.
3. Test backups regularly
Data always needs to be backed up. If your business is attacked by cyber criminals, having a backup of your critical data allows you to restore your systems quickly without losing critical information. Set up a system to test your backups to ensure you have stored all your data securely.
4. Create a whitelist and a blacklist
Create an inventory of the applications and programs that are allowed on your computer network – that’s your software whitelist. Then blacklist any programs you don’t need, making them unauthorised and unable to run on your computers.
5. Apply least privilege
Not everyone in your organisation needs access to all the data your business holds. The more people who can access sensitive information, the greater the risk of that data getting into the wrong hands. Only those people who need the information to do their jobs should be given access.
It’s also worth blocking traffic from countries where you don’t have business. Unless you’re doing business with Bulgaria and Tunisia, for example, you can restrict Internet Protocol addresses (IP address) from geographic areas to prevent access.
6. Keep a log
Keep a log of online traffic across your entire computer network. If your system is attacked, experts will be able to identify whether hackers are still in the system or have left programs that can cause hard.
7. Network segmentation
Divide your computer networks into departments, so that you can control access to sensitive information. For example, Marketing does not need access to financial information, and IT doesn’t need access to sales data. Segmenting your network adds extra barriers so that if hackers do get access to one area of the network, it will be harder for them to infiltrate other areas of the business.
8. Strengthen passwords and authentication
Ensure your networks have strong passwords and add multi-factor authentication. Simple passwords, such as summer99 can be hacked within about 30 seconds, whereas S9mm3rH200 might take three or four weeks to be hacked. Multi-factor authentication provides a second line of defence by requiring you to enter a code that is sent to your mobile phone or a secondary email address to confirm your identity. A hacker might be able to break into your email, but without your phone, they cannot confirm any identity and will be blocked from any further access.
9. Manage the life cycle of your assets
Computer software and hardware needs to be replaced to keep it up to date and secure. When upgrading hardware, it’s important to get these devices wiped, removing any critical information from them to remove the risk of that data getting into the wrong hands.
10. Beware of macros
Macros are small programs that can be run in office productivity software like Microsoft Office. They’re sometimes essential to help the software work but attackers can also use macros to hide malicious malware. If you don’t need macros in your organisation, disable them altogether.
Sydney Kanda is the Senior System Support administrator for Medical Assurance Society and has extensive experience in IT networks including in all modern security, network, load balancing, WAN acceleration & compression technologies – both at LAN, WAN, branch and datacentre levels. He can be contacted at LinkedIn.
- Chapman Tripp on Most Innovative Law Firm ListDescribed as the ‘one to watch’ in New Zealand’s legaltech industry, Chapman Tripp with their technology and innovation business, Zeren, has been recognised […] More
- Litigation PR: an important tool in the litigation toolboxLitigation PR is increasingly popular overseas . . and catching on in New Zealand, lead by a two-woman power team Litigation PR is […] More
- How Kate Sheppard Inspired This Barrister To Set Up A New Chambers ModelA virtual chambers model is designed to encourage more women into chambers – earlier than otherwise It had to happen – a Chambers […] More
- Another Law Firm for Kim DotcomInternet entrerpreneur Kim Dotcom’s ongoing battle to avoid extradition to the United States has seen a number of lawyers appearing for him in […] More
- If 2020 Was Tough for Kiwi Lawyers – It May Have Been Even More Tough for The NZ Law SocietyLaw Society Posts a $3 Million Loss after a ‘challenging year’ The Law Society has posted a $3 million loss last year after […] More
- The 15-Hour Workdays And Ongoing Issue of Lawyer BurnoutLawyer burnout is a major problem for law firms globally, but it’s not an inevitability More
- ‘You’re The Reason God Gave Us a Middle Finger’ – Abusive Emails Achieve Suspension For LawyerLaw Society Tribunal suspends lawyer for misconduct over abusive emails sent to litigant From the NZ Law Society – John Paul Schlooz has […] More