As we observe Cyber Security Awareness Month this October, it’s crucial to highlight some alarming findings from a recent audit by Atlas Cloud. Their research reveals that almost three-quarters of UK law firms have at least one employee password leaked to publicly available sources, underscoring the urgent need for improved cyber security measures in your business.
Audit Overview: Cyber Security Gaps in Law Firms
The IT services company audited over 5,000 UK-headquartered law firms for cyber security competence. They assessed breached passwords, phishing protection, email hijack protection, and analysed the size of each firm’s attack profile. Additionally, they evaluated alignment with the UK Government’s Cyber Essentials programme, which covers a range of defence mechanisms.
Of the 5,140 firms audited, 72.2% had one or more instances of employee username and password combinations evident in lists circulating on the Dark Web. In total, the auditors found just over one million (1,001,313) passwords relating to firms in the study, averaging out at 195 password combinations per firm or 1.27 per individual.
Fewer than half (46.2%) of firms had DMARC domain hijack protection in place, and only 15% of firms were certified for Cyber Essentials, a government-backed scheme that is required for public sector case work.
Top Cyber Security Recommendations from Atlas Cloud
Based on their research, Atlas Cloud offered the following top tips to Partners for improving cyber security measures:
- Implement Multi-Factor Authentication: To combat breached passwords, multi-factor authentication (face recognition, thumbprint or one-time tokens) must be applied to all systems.
- User Awareness Training: Regular user awareness training should be applied to stop solicitors falling for the latest manipulation techniques, which are often employed to circumvent multi-factor authentication.
- Activate DMARC for Domain Hijack Protection: DMARC is a policy that firms can switch on to combat domain hijacking. Switching it on may cause disruption to current services, but tools are available to aid the transition and eliminate the disruption.
- Get Cyber Essentials Certification: Cyber Essentials is a low-cost certification designed by the government to help firms establish key basic defence mechanisms. It is recommended for Lexcel accreditation and required for public sector work.
- Add Phishing Protection: The most common cause of cyber attack is phishing, an impersonation technique usually carried out via email. Standard mailbox spam filters are unable to detect phishing scams, so phishing protection bolt-ons are necessary. The majority of firms now have this in place, so if your firm doesn’t, it is in the minority that is susceptible to this threat.
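To make the DMARC recommendation concrete: a DMARC policy is a DNS TXT record published at `_dmarc.<domain>`, and its `p=` and `pct=` tags show whether a firm is only monitoring or actually enforcing. The following is an added example, not code from Atlas Cloud or the audit; the function names and the sample records are constructed for illustration.

```python
# Added example: classify a domain's DMARC posture from the TXT records
# found at _dmarc.<domain>. All sample records are constructed.

def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None  # v=DMARC1 must be the first tag
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def dmarc_posture(txt_records):
    """Return 'missing', 'invalid', 'monitoring', 'partial' or 'enforcing'."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid"  # several DMARC records: receivers apply none of them
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"  # simplification: no usable policy tag
    if policy == "none":
        return "monitoring"  # reports only; failing mail is still delivered
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100  # bad pct -> default
    return "enforcing" if pct == 100 else "partial"

# Constructed samples showing a staged rollout from no record to full enforcement.
SAMPLES = {
    "no-record.example": ["v=spf1 include:_spf.example.net -all"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "rollout.example": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@rollout.example"],
    "enforced.example": ["v=DMARC1; p=reject"],
    "duplicate.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:20} {dmarc_posture(records)}")
```

Starting at `p=none` with a `rua=` reporting address and raising `pct` in steps is the usual way to find legitimate senders that would fail before mail is quarantined or rejected.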
The full research from Atlas Cloud is available on their website. They will also be hosting a webinar in October to provide a short briefing and are willing to share individual firm reports with relevant and responsible individuals upon request.