The explanation is simple but could be worrying for companies that aren’t managing risks to their business. The cyber threat to UK legal sector report has details about a £35,000 loss to a mid-sized law firm with a multi-million pound turnover from a phishing attack.
A combination of social media posts from a senior partner and another staff member allowed cyber criminals to send an accounts clerk a credible looking email from an account spoofing the senior partner’s email address, instructing them to pay an invoice and imploring confidentiality. The criminals were able to persuade the accounts team to bend the strict processes about payments, under the pretext of urgency, confidentiality and seniority. And they only found out about the loss when another senior partner later queried the transaction.
The firm’s response was good – to look at the whole business and risks from staff, policies, procedures and technology. When the firm was subject to a subsequent phishing attack worth £100,000, it successfully defended itself.
Get in touch if you have concerns about the measures in place to protect your business against cyber criminals. We can do a risk assessment to provide you with a complete view of strengths and weaknesses and a detailed action plan to address them. And if you want help to implement and test them, we can do that as well.
t: +44 (0)7941 188462