How to reduce your cyber risk through Cyber Essentials Plus
In September of this year the Solicitors Regulation Authority (SRA) published its report entitled “Cyber Security – A thematic review”. This report is based on a selected sample of 40 firms that were interviewed about their experiences with cybercrime. The report outlined their findings in five key areas:
Cyberattacks
People
Technology
Support
Reporting
Key highlights from the report are:
Three quarters of the firms (30) reported that they had been a target of cybercrime. If we compare this to the latest figures from the National Cyber Security Centre (NCSC) that states that approximately 50% of small and medium enterprises will experience a cyber-attack we can see that the Legal sector is more likely to get attacked compared with other comparable size businesses.
As the first line of defence against cybercrime, it is important that your staff are knowledgeable and that adequate training, polices and controls are in place. The report found that 8 firms had never provided any specific cybersecurity training for their staff and that only two-thirds of firms claimed to be “knowledgeable” about cybersecurity.
Most firms had introduced adequate and appropriate systems with 93% having firewalls in place and 87% used anti-virus software. However, there were other practices that made firms vulnerable, such as out of date software and external data sticks being permitted to being plugged directly into their machines.
Three-quarters of the firms rely on commercial IT specialists for their IT/cyber support but identified that 2 firms had been exposed to fraudsters due to poor advice from third-party providers. 5 firms had the Cyber Essential Plus certification, with a further 16 working towards this.
Even though security incidents are required to be reported to the SRA, the report found that 7 significant incidents were not reported, despite being clear and significant breaches. 29 of the 40 firms reported incidents to the SRA and a further 23 firms informed law enforcement following a cybercrime incident.
The report highlighted that firms with Cyber Essentials Plus accreditation were more likely to have policies and procedures in place to protect themselves from future cyber security incidents. Sixteen firms were not aware/interested in the scheme and the report showed that these firms were either poor or poor in certain places.
Cyber Essentials Plus is a government backed scheme that helps organisations to protect themselves from common online threats and covers people, process and technology. This will include a scan, which Stratia can perform remotely negating any onsite issues.
Stratia Cyber were one of the earliest adopters in the UK of the Cyber Essentials Scheme and have assisted businesses from all sectors successfully through the process. We are technology agnostic and not aligned with any IT providers. As we are already one of the few Cyber Security Consultancies accredited by the NCSC, you can be assured that you will get the most up to date, pragmatic cyber security advice, ensuring that your firm is prepared for any cyber eventuality.
If you would like to reduce your risk to cyber-attack, please contact us on cyber@stratiacyber.com to arrange a no obligation consultation with one of our cyber risk experts.
