Cyber-attacks are quickly becoming one of the most persistent threats to organisations all over the UK. According to a recent Cyber Security Breaches Survey, undertaken by the UK Government, around a third of businesses have reported a cyber security breach or attack in the last 12 months. So it was no surprise when Hansel Henson, intellectual property and digital media lawyers, sought the services of Stripe OLT. As a UK top 500 law firm, that’d recently received a number of inbound phishing email threats, Hansel Henson knew that they had to act to ensure their client data was protected!
So, where did we start?
The first step was to carry out a full system cyber GAP analysis, which essentially identifies vulnerabilities in a company’s existing security environment. By looking at these vulnerabilities and points of weakness, we were able to show Hansel Henson where they were at risk and how their security issues could be resolved. Ultimately allowing us to help them make improvements to their security controls, policy and processes.
Step two was to implement the necessary changes to their security network:
- We turned on multifactor authentication: MFA is used to ensure users are who they say they are, and requests two or more pieces of evidence to successfully allow users access to their device. By enabling MFA users can reduce attack risk by almost 80%!
- We carried out an internal security audit where we examined their wireless infrastructure, firewalls and switches; by checking their configuration and policies we were able to alleviate the risk of unauthorised user access. For example, as a method of first line of defence, we blocked ports on specific firewalls to limit certain types of inbound and outbound traffic.
- We implemented advanced spam and malware filtering so any future phishing emails, which are the most common attack vectors in today’s threat landscape, would be blocked.
- We also implemented security policies to control and manage updates, this ultimately ensures the network remains secure and any vulnerabilities are addressed – Keeping Hansel Henson one step ahead of the threat!
On top of technical implementation, Hansel Henson were also given cyber security training, which covered essentials like:
- How to spot a phishing email; we ran a series of spoof email campaigns so employees could identify the methods used by hackers to gain access to company data.
- How to spot a whaling email; this is an extension of a phishing email, but this type of threat usually targets senior management and contains legitimate or official information.
- How to comply with methods of cyber security best practice; we educated Hansel Henson on topics such as password protection, open and closed WIFI networks and pop ups. Which are all essential when it comes to ensuring personal security!
This two fold solution of technical security implementation and staff training has ensured Hansel Henson are not only protected from malicious external threats, but also safeguarded internally. At Stripe OLT, we think cyber-security education is not just essential for every business, but crucial for every employee!