Is your return to work cyber safe too?
In analysis / By Mark Lee / 28 July 2020
As UK business begins to return to a semblance of normality, we are seeing many of our law firm customers un-furloughing more of their staff in response to an uptick in business activity. When we spoke last week to the IT Director of one mid-size general practice firm that had furloughed 80 employees from April to June, we heard that they now expect to have two thirds of staff back working by 1st August. But plans to return to the office remain on hold for many, with homeworking remaining the preferred model for most firms that we work with.
For many firms, homeworking has proved to be effective although not without challenges. We know of several firms tied to physical phone systems, an in-office PBX for example, that have had to resort to using mobile phones and redirecting inbound calls in a slightly haphazard and costly fashion. And in the early stages of the pandemic we helped numerous firms to quickly upscale their remote access services to support a mass increase in remote working.
But one area where we have seen, and expect to continue to see, challenges is cyber security. Suddenly, employees are working remotely and connecting to the internet, often outside of the corporate security perimeter. Unfortunately, in a climate where cyber criminals have stepped up attacks, the risks of breach have dramatically increased. As a business, we take cyber security extremely seriously and we were delighted that Nasstar’s parent company, GCI, was recently awarded ‘Best Managed Security Service’ as well as being shortlisted for ‘Best Incident Response Team’ in the highly prestigious SC Awards Europe.
Over the last few months, Nasstar has deployed Endpoint Protection solutions to help counter the threat of cyber criminals targeting homeworkers. We are also providing Office 365 health-checks for lots of firms, as email is very often the preferred target for criminals. Throughout June and July, we checked 23 Office 365 tenancies, of which 17 showed signs of compromise, and a high proportion of these fell into the category requiring ICO notification.
The longer a cyber breach goes undetected, the greater the ramifications will be. If >30k pieces of personal data are stolen, then this is considered a large breach by the ICO. It is worth remembering that a large proportion of all email contains personal data, so an undetected Office 365 breach can very quickly become a serious problem, potentially resulting in a legal obligation for you to notify every individual involved. The costs of all of this can be very significant, even before we think about the potential for fines from the ICO. So, our advice is to take sensible precautions including checking your email systems for signs of compromise regularly.
In light of all of this, Nasstar is currently offering complimentary Office 365 health-checks to all UK law firms and other regulated businesses. If you are interested in this service, please contact us via firstname.lastname@example.org.