Law Council of Australia launches campaign against cyber threats, better late than never
December 16, 2016
The Law Council has announced a campaign to assist law firms against cyber threats.
This has been a significant issue overseas for years. I have posted on the subject (here). It has been and remains a critical issue for law firms. Law firms hold an enormous amount of personal information relating to their clients. They also hold personal information that belongs to their clients. And intellectual property that can be stolen. And commercial-in-confidence material that can be used. And police and national security information on occasion.
Cyber Precedent is a reasonable, if basic, start to installing proper data security. It has a brief overview video.
Cyber Precedent then breaks down into standard categories, such as identifying the types of cyber security risks, which provides:
Law practices and lawyers are frequently the targets of cybercrime. There are many different ways in which cyber criminals undertake attacks. Here are some simple explanations of common cyber risks that everyone should be aware of.
Law practices and lawyers are frequently the targets of cybercrime. There are many different ways in which cyber criminals undertake attacks. Here are some simple explanations of common cyber risks that are everyone should be aware of.
Malware (Malicious software) is any piece of software that is specifically designed to disrupt or damage a computer system. Commonly installed alongside quasi-legitimate software, malware can also be disseminated via email attachments, web browsing and file sharing. Once malware is on the system it can be difficult to detect and remove.
Phishing is a scam where criminals attempt to trick you into giving out sensitive information (like passwords). The scam often takes the form of fake emails that look like they’re from a legitimate organization, like a bank. The emails contain a link to a fake website that replicates the real one. From here the criminals steal your information when you enter it, thinking you are on the real website.
Spear phishing is a more sophisticated version of phishing aimed primarily at businesses and organisations. In this exploitation technique the criminal will masquerade as a trusted person, usually someone within the organisation. The criminal will send instructions via a compromised email address seeking the release of confidential information or the transfer of funds.
Whale phishing is a phishing technique that targets high-worth individuals.
Ransomware is a type of malicious software that infects the victim computer or network. The program blocks you from some or all of your system/data. The program cannot be ‘unlocked’ until a financial figure is paid to the criminals, who then send the victim instructions on how to unlock the data. This is currently a very common exploitation due to its ease of implementation and its ability to extort funds directly from victims.
Web seeding techniques (such as malvertising): This technique seeks to exploit vulnerabilities in frequently visited web sites. The web sites are hacked and used to deliver malicious software through adverts and downloads.
DDoS (Distributed Denial of Services): Whilst not common with smaller entities directly, DDoS is when a service is made unavailable by flooding the target with requests. A DDoS attack is commonly seen taking out large services like email and websites, which has a follow-on effect to smaller entities.
Microsoft Office Macro infections: Cybercriminals are increasingly using Microsoft Office macros, a small program that runs in Microsoft Office applications, to infect a victim’s computer.
For more information on the current state of cyber risks visit the Australian Cyber Security Centre website and download the current ACSC Threat Report.
In the Essentials section it also covers the issues of the Reality of Cyber Security, Moving to the cloud and protecting against Ransomware. It is more useful in the tools section and risk management.
It is a reasonable introduction. But not much more.