Jonathan Ashley, co-founder of etiCloud. (Sponsored content)

Back in March this year national criminal defence law firm, Tuckers Solicitors, were fined nearly £100,000 for a ransomware attack which resulted in 972,000 files being encrypted.


In its summary the ICO stated that whilst the main culpability for the incident remained with the hackers, the firm itself had provided them with a ‘weakness to exploit’ and was responsible for the protection of client data. Despite being advised to do so since 2018, it transpired that Tuckers had not implemented multi-factor authentication (MFA) for remote access to its systems.

The ICO deemed that this extra level of protection was a ‘comparably low-cost preventative measure which Tuckers should have implemented’. Had they done so, it would have made it substantially more difficult for a hacker to enter its network. It could have made all the difference.

Following the cyberattack, the firm added a ‘broad range of measures to prevent the reoccurrence of such criminal incidents’ and is now operating from a state-of-the-art system. But whilst these new measures will have been inexpensive to implement, the resultant fine from the ICO will have made this an expensive lesson learnt.

Sadly, Tuckers are not alone, as UK law firms continue to face an increasing number of cyberattacks in the form of phishing, ransomware and supply chain compromises. Companies are being impacted all the time. However, as outlined above, it’s simple to fix: MFA is just one of the easy, low-cost measures that can be added to any IT system. It’s vital that we talk about the risks firms face. It should not be taboo to talk about the impact of a cyberattack. And the impact on finances and corporate reputation must not be underestimated.

It’s pleasing to see the firms that do take the opportunity presented by a cyberattack or breach and use it as a type of communications opportunity to illustrate to their peers what can happen and what can be done to mitigate the situation, holding a hand up and saying: “it was our fault, we’ve taken every precaution and learnt from this and, as our customers and suppliers, we want to make sure you’re as safe as possible.” Talking about the incident is beneficial not only to the firm affected but to everyone associated with it, and that has to be a positive thing.

I’m conscious not to appear as a fearmonger but it’s imperative that you don’t bury your head in the sand when it comes to the subject of cyber security and any cyberattack that affects your firm, even if you think it is inconsequential.

There are many companies out there that make cyber security their business, including etiCloud, and they do it really well. They can help and advise, usually with a free initial consultation and audit so you have nothing to lose – just give us a call. What’s more, if you have experienced a cyberattack or they discover a problem with your systems, they will know exactly how to deal with it. A case of ‘always ask the experts’ if ever there was one.

With record fines for breaches and numerous law firms still unwilling to acknowledge that they’ve suffered an attack, the hackers are winning. If we continue to sweep the issue under the carpet and don’t tackle it head on, we can’t get better at it. Is that really what we want for the UK law industry, an industry that supposedly leads the world? I think not.


Enterprise House
1 Broadfield Court Sheffield
S8 0XF
United Kingdom

T: 0333 358 2222
