By Legal Futures’ Associates CTS
The Coronavirus (COVID-19) outbreak has left all sectors to consider how best to protect both their workforce and business from the virus. According to the BBC, approximately 1.5 million people regularly work from home but this number, in recent weeks, will have quickly increased as business leaders been forced to switched to a remote working model for all staff, due to the government-enforced lockdown.
Remote working can pose a range of cyber security threats, which can be extremely harmful to law firms who are already vulnerable to attack due to the large volumes of sensitive data that they hold.
In this blog, we will explore the security challenges that arise from remote working, and how these issues can be overcome by a multi-layered security strategy.
BYOD (Bring Your Own Device)
The use of portable laptops and mobile phones has allowed workers to be more flexible with where they work, making the shift to remote working much easier than it would have been only decades ago. However, the flexibility that these devices bring all comes with an element of increased risk.
When it comes to law firm employees using their own devices when working from home, the main area for concern is data leakage. Bring Your Own Device (BYOD) can leave your firm’s systems vulnerable to data breaches. As personal devices are not part of your firm’s IT infrastructure, therefore not protected by your security systems, unsecured devices could result in cyber criminals gaining access to sensitive client information, leading to financial loss and reputational damage.
Endpoint Protection (EPP) ensures that endpoints, including both personal and business-issued devices, remain secured, protecting them from malicious attack and ensuring your law firm remains in control of the increasing number and forms of access points to your network. Using machine learning and end-user behaviour monitoring, EPP analyses device data and detects malicious activity to stop any attack attempts before they reach your critical systems.
Unsecured Networks
Unfortunately, the risk of attack has increased since the news of the COVID-19 outbreak, as cyber criminals have sought to take advantage of the situation, with cyberattacks more than doubling, according to Reuters.
Cyber criminals are constantly looking for weak spots to exploit, and one of the easiest ways for them to gain access to confidential data is through unsecured WiFi networks. The accessing of company and client information via an unsecure and unencrypted internet connection leaves your firm vulnerable to a data breach, as hackers seek to exploit security flaws to incept sensitive data.
There are simple steps, such as these, that your workforce can take to ensure that their home network is secure.
Keep Your Data Protected
When your workforce is working from home, using their own WiFi connections and possibly their own devices, it is vital that you have robust policies, protocols and protection in place, to minimize the possibly of attack.
The culmination of personal devices and unsecured networks significantly increases your surface attack area due to the bringing together of the different networks and systems being used to carry out business functions. In order to minimise the likelihood of attack, it is advised that law firms take a multi-pronged approach to cyber security and layer several different types of security measures to cover any possible gaps in your security system. Hackers only need to find one flaw whereas your firm needs to protect against them all.
In a growing and increasingly hostile digital landscape, having the capability to rapidly detect and respond to threats is vital. As technology advances, cyber criminals are right behind, sometimes developing faster than traditional security defences.
CTS’ Security Operations Centre comprises a team of experts, who are entirely focused on addressing the ever-developing security requirements of law firms. We undertake the complex task of threat hunting, monitoring and investigation, and can provide proactive advice to immediately remediate even the most serious security flaws.
Contact us today to discuss our Remote Security Assessments.