A new year is widely seen as the chance for a new start; time to look at your priorities with a fresh perspective and vigor. This new year has started very differently for all of us. Many won’t head into the office as we once would, and this brings with it it’s very own set of remote-working challenges.
Does this ring true for your company? As you know your firm is in control of a lot of sensitive, confidential data. Should this fall into the wrong hands, it could be catastrophic. And every day simple tasks and protocols that we might not give much thought, could play right into cyber-criminals’ hands.
Below are the top 10 reasons you could be leaving the back door open for cyber criminals to infiltrate your system.
- Outdated browsers and software
Did you know not running with the most current versions of internet browsers or software such as Microsoft Office is high risk? Older systems have widely-published vulnerabilities which criminals can easily spot, exploit and gain access to your important, sensitive data.
- Shutting down your computer
You’re in a rush, it’s been a long day and you’re hastily making for the door. Shutting down your PC just doesn’t seem a priority. But by skipping this simple step you’re showing another chink in your company’s armour to cyber criminals. Shutting down your computer is when all the software, files and programmes are closed and the RAM memory is cleared. Employees must do this to keep security watertight.
- Frequently used passwords
Many of us struggle with remembering the multitude of passwords we need for all variety of permissions. We often think that by using the same password across multiple platforms, it’s easy to keep them in mind. Whilst this may be true it’s also like handing a hacker the keys to your office. Easily cracked passwords or using ones that have been published through a secret databreach can grant very quick access to your accounts.
- Illegitimate emails
Criminals are getting wiser about how they target victims with what’s known as “phishing” attacks. They’ll masquerade as a trusted source over email, instant message or text message. Emails can be cloned to such an extent that they can look truly legitimate. But one wrong click could lead to user credentials, log in details and financial information being stolen in just minutes.
- “Drive-by” attacks
If your internet browser and work devices aren’t configured correctly, users unintentionally can download malicious code whilst surfing the web, without ever knowing. Most commonly this has been seen via objectionable websites but is becoming more common from legitimate sources or social media links because of malicious software (malware).
- False invoice attacks
Outside of your organisation, one of your suppliers could be the victim of a cyber-attack. We’ve heard of many instances were this “highjacking” results in fake invoices being sent to the highkacked company’s associates and clients. These invoices will look realistic and come from a trusted source but meanwhile false payment details have been planted ultimately leading to a loss of funds.
- Social engineering
Many law firms favour using signatures in auto replies and out of offices. However this could be potential gold to a cyber-criminal, as they infiltrate your systems and seek to impersonate your systems as closely as possible.
- Misconfigured Domain Name Service
Your email provider uses DNS to confirm the emails that you receive really come from the true sender. However if your DNS is misconfigured it can easily allow criminals to impersonate your emails and send messages that appear to have come from you.
- Ransomware
This can happen via phishing attacks, malicious social media, outdated software or even USB sticks that fall into the wrong hands. If this happens, criminals limit the victim into using their own software until they pay a ransom. Your machine or server would be encrypted until you pay up.
- Compromised devices
Buying devices from unreputable sources have been known to come with malicious software already installed. It’s imperative to ensure that all your company’s employees are only using approved devices and resources when plugged into the company’s network. Criminals do not discriminate and will go after the weakest elements of your team and exploit this to their own ends.
More information about how to stay cyber safe can be found here.
This article was submitted to be published by Lawyer Checker as part of their advertising agreement with Today’s Family Lawyer. The views expressed in this article are those of the submitter and not those of Today’s Family Lawyer.