Are your staff your firm’s biggest security risk?

by | Feb 15, 2022 | Legal Firms

Well meaning mistakes that could cost you

Despite the best technology defenses (next-gen firewalls and antivirus, advanced threat protection, mail washing,  web filtering, regular patching) infections and security events can still occur due to what is often the biggest risk – your staff.

Social Engineering Protection

Whilst attacks that use “social engineering” have been around for a long time, they are now common-place and every business will be targeted.

It is no longer realistic to say “it won’t happen to me”. 

Attacks such as “Spear phishing” uses spoofed emails purporting to be from the CEO to convince a finance person to transfer money to an unintended recipient. They often know a lot about your company (e.g. who your key staff are, and if they are out of the country) and can be very convincing. As they are plain text, they cannot be blocked by technology.

Another common attack involves harvesting information and then sending very realistic invoices to your customers with a different bank account number.

 

Mitigating Risks

Regularly training of staff on good security practices, and updating them on the latest security threats, can help mitigate the danger of security risks impacting your business. We have done this training for other clients via short presentations, e-Learning tools or via internal marketing campaigns using posters and email newsletters.

The other big thing that was a “nice to have” and is now a “must have” is two factor authentication for cloud services. This means that staff need to authenticate using a username and password, and then also approve the login using a mobile device. This is the best way to prevent hackers around the world from gaining access to your staff’s accounts.