The TalkTalk hack – is cyber security more complicated than we think?
Posted by Andrew Lloyd, managing director of Legal Futures Associate Search Acumen
Lloyd: one of the lowest of the low-hanging fruit is still the oblivious high-street lawyer
The recent hacking of phone and broadband provider TalkTalk has raised plenty of questions among lawyers about how safe the internet really is. Is our information, stored in distant silicon towers, really protected? Has the penny dropped on IT security? Shouldn’t we be more guarded in our acceptance of new technology and systems?
The truth, however, may not only put you at ease but also bring to light a slightly different picture of our misconceptions about IT security. Brace yourself, friends: it’s often human error more than IT that causes hacks and cyber-breaches.
We do need to be aware of a criminal’s motives in order to protect ourselves. A look back at the TalkTalk hack points to profit as a key driver. In this case, the hackers’ motive was to steal names, email addresses, telephone and bank details, possibly to sell to the highest bidder. The target was TalkTalk’s valuable financial data, and reputational damage was just an unfortunate consequence of the calculated and sustained attack.
Since then, TalkTalk has attempted to mitigate some of the damage. Fortuitously, the actual impact was revealed to be ‘materially lower’ than feared, and hackers did not have enough information to break through the credit card companies’ own security checks on online websites.
But when financial gains are at the heart of an attack like this, it means that hackers will no longer only waste their energies on the Apples or Sonys of the world; rather, they’re going to look for weaknesses in all kinds of industries, niche or common, consumer or business facing.
Solicitors need to break out of the mind-set that they’re too small and therefore inconsequential in the eyes of hackers, and take time to consider the sets of information in their systems that have economic value. One of the lowest of the low-hanging fruit is still the oblivious high-street lawyer, unprotected and exposed to cyber-crime because of painfully obvious gaps in security.
The good news is that although cyber-crime is often portrayed by 24-hour news as an act worthy of a Mission Impossible sequel, in reality the average hacking isn’t really blockbuster material; in fact, you can protect yourself by following very basic guidelines.
If you’ve adopted technology quite recently, you’re actually a lot safer than if you are still using old legacy systems from 10 or 15 years ago. Also, if you’re using cloud technology, such as Microsoft’s Office 365 or the Amazon Cloud Drive, these readily available systems already have their own in-built security in place and offer an encrypted database.
One of the major problems suffered by telecom companies, such as TalkTalk, is that their behemoth size makes it harder to keep ahead of the curve and encrypt all their data. Some legacy systems can’t encrypt their database at all to protect against hacks.
Cybercriminals can also attempt to access data through an unsecured Wi-Fi network, so solicitors working from home need to have a powerful alphanumeric password in place – an obvious statement to some, but you won’t believe how many times this needs to be spelled out.
I’m sure conveyancers, with their growing workload, take assignments to a coffee shop, so they need to be aware hackers can use their access to an unprotected Wi-Fi network to wriggle through all the way to their company’s secure system. Be sure to listen to your devices prompting you about an unsecure Wi-Fi. Working from home, in contrast, is much safer.
It’s also important to be organised in the way you arrange and maintain your data. It may even be worth looking at whether suppliers are providing you with well-organised data, and some housekeeping never hurts.
Emails are the biggest gateways to cybercrime, but it’s humans who click on fishy emails at the end of the day. Lawyers need to be sensitive to the kind of information or queries they receive through emails, and detect when something’s off about an email or a phone call. While this may be a matter of common sense to the tech-savvy, a day’s training course can bring the rest of the team up to speed.
While there is a lot of literature to inform lawyers, if it all gets too overwhelming, they should consider investing in external advice. For example, a consultancy can assess the firm’s risks and present a granular solution to all potential threats.
We’re already part of an industry that’s facing the growing risk of conveyancing fraud. It’s only a matter of time before more hackers can gage for themselves the cash cow that is the property market and its ancillary industries.
The attacks are not going to bring back the era of dusty files that’s already on its way out. Technology has kept pace with cybercriminals, so now you should keep pace with technology. To keep these malicious forces at bay, conveyancers and other lawyers need to walk in stride with other industries and keeping looking to the future.
Leave a comment
* Denotes required field