Cyber security report for UK law firms – Welcome, but doesn’t go far enough

Law firms are a highly prized target for a specific type of cyber attacker.

Unfortunately for us the traits of that type include;

  • High degree of business acumen
  • Understanding of organisational behaviour
  • Emotional intelligence

Worst of all, they have patience. These malicious actors can afford to play the long game. Employee data is freely available, from the SRA ‘Find a Solicitor website, and the industry’s fashion to advertise employees’ roles and contact details on their own website. This presents a large, low cost database to attack.

And attack they do. As the National Cyber Security Centre’s recent report, ‘The cyber threat to UK legal sector‘ points out reported incidents have increased nearly 50% over the last five years.

It’s a welcome report and could help in getting a cyber security conversation started in a practice. From our own, albeit anecdotal, evidence we block more highly targeted threats against our legal clients, compared to our non-legal ones.

However, we don’t believe the report goes far enough or is clear enough in its recommended actions that a law firm should take. With just a little investment, cyber security protection can be greatly enhanced.

Email phishing is a great example. Unless you are a multinational corporation, your email server probably resides in the UK. Many of the phishing emails you receive, spoofed to appear to come from a senior partner, will come from outside of the UK. An email filtering service, that probably costs less per month than a typical employee spends on coffee to go per day, could block those emails before they reach a colleague’s inbox.

At Abtec we take a layered approach to cyber security. Extending beyond technology, our approach encompasses an organisation’s processes and people. This way we can help protect your online and offline assets and reputation.  See how we help other law firms get the most from their IT investment.

Call us on 01858 438 500 to find out how we’ve helped protect other law firms against cyber security threats.


Cyber security’s weakest link?

Recent penetration testing conducted against higher education institutions demonstrated a “100 per cent track record of gaining access to a higher education institution’s high value data within two hours.” 

Was this directly due to a lack of cyber security technology exposing these institutes?  Possibly not.  The method of attack used in this research was electronic social engineering, specifically spear phishing emails.

So are we humans the weakest link in cyber security?

Many spear phishing emails will spoof the recipient’s domain name, more often than not appearing to come from a senior colleague.  The emails will request either a supplier payment be made or an action that requires the opening of an attached document.  That sophisticated knowledge or the recipient’s organisation is what makes these emails so successful. 

But there are steps we can take to protect our organisations.

Actions to take

There are a host of ways in reducing your risks of falling foul to phishing emails, here are two examples.

Block your own domain

If you have an email filtering service you could block emails with your own domain if the email doesn’t come from your mail server.  A good mail filtering service will enable legitimate emails with your domain that aren’t sent from your mail server, such as an email marketing engine or an online CRM system, to get through.  This action can reduce the volume of threats received.


How many times have your colleagues had training on how to spot phishing emails?  Maybe not many.  There are several simple steps that every user can take to help identify phishing emails.  Arming users with that information, and then checking their actions with organised phishing email testing can reduce the number of malicious emails acted upon.

Want more?

Reducing the quantity of phishing emails a user receives and empowering users to spot them are just two ways in which we can help you reduce your risks from these attacks and strengthen your security.

Call Abtec on 01858 438 500 today to find out how we can help you reduce your risks.


Collection #1 – #5 Data Breaches: Time to review your security

It’s only February and two huge data breaches have already been identified.  Collection #1 and Collection #2-#5 contain an estimated 3 billion email addresses and passwords. 

You can find out if you’ve been affected here:

This is yet another reason to review your IT infrastructure’s security measures.  Network and infrastructure attacks take many forms.  These data breaches raise potential vulnerabilities in remote network access and email security.  Unfortunately, many people will still use the same password, or variations on a password, across multiple applications.  Forcing colleagues to use strong passwords is the first step in improving security, and implementing a rule to change passwords at regular intervals can help too.  However, these can open other security issues, for example people sticking passwords to monitors in plain view of everyone else!

There are better strategies to take in securing your infrastructure.  Contact Abtec on 01858 438 500 to book a security review to identify the best for you.

Also, download our Building Better Disaster Recovery Plans guide to find out more ways to prevent unplanned interruptions to your infrastructure.


Be Prepared

No one likes interruptions to their IT services, they cost time and money.  As the nights draw in, it’s a good opportunity to review how prepared your infrastructure is to combat disruption.

We’ve built a guide, download it here, to help you perform that review.  It’s called ‘Building Better Disaster Recovery Plans’.  The point behind it is that we spend time creating DR plans for high impact, low probability events, but often it’s the small, everyday disruptions that cause more problems.

In this guide we share some of steps we take with clients to reduce IT disruption.

As ever, if you need any support improving your IT infrastructure’s preparedness for disruption give us a call on 01858 538 500.  We’ll be happy to help.


Veeam Cloud Connect Free Trial

To celebrate the launch of our Veeam Cloud Connect service we’re giving you the opportunity to take a free trial. You can test drive the service for a month to see if it improves your backup regime.

Veeam Cloud Connect tackles an ever present problem for IT managers; off-site backup storage. The issue of  limited bandwidth and growing data volumes rendering backing up off-site too problematic.

Cloud backup

Not for much longer though. You can now strengthen your off-site backup regime with Abtec and Veeam Cloud Connect. We can store your primary or secondary Veeam backups in our secure cloud. Our Veeam optimised network connections can help speed up your backup and recovery process.

Free trial

Find out more about the Veeam Cloud Connect service here, and apply for free trial.  It could change your backup regime forever.