Recently I had a firm contact me about an email that one of their solicitor’s had received from who they initially thought was from their client. The hackers or cyber criminals were impersonating their client and had access to an email trail. The question was raised how did they get access to the email trail and naturally, the firm was worried, their email system may have been compromised.
The email had walked straight past the Microsoft 365 email filtering and been delivered to the solicitor’s mailbox. Obviously, kudo’s needs to go to the solicitor in question for noticing the signs in the email that everything was not as it seems and raising it to the person within the firm responsible for IT. That person then contacted us to see if we could work out where things had fallen over.
Through an investigation process we reviewed the email that we were forwarded. Utilising the tools, we have at our disposal, we were able to identify that their clients personal email account had recently had a password listed on the dark web 4 days prior. This combined with additional information provided by the firm led us to conclude that it was likely their client’s personal email had been hacked and contents either copied or forwarded to an outside email address. We advised our contact at the firm, that we would need to get access to the client’s personal email to confirm 100%. Obviously, a smart cyber criminal or hacker, would have removed any evidence, of emails being sent or forwarded.
I know you are thinking so what? What does this have to do with my professional services firm and why should I care? It can seem like this doesn’t affect you at all. There are a number of very important lessons in this situation.
- The need for ongoing cyber security awareness training and making sure your employees or team are aware of the warning signs especially with malicious emails
- The need to have multiple layers of cyber security protecting your professional services firm
- Without the multiple layers of cyber security services, we recommend clients have, it would not have been possible to detect the source
- It goes without saying, the firm may have fell victim to the malware link that had been sent to them by the cyber criminals or hackers
Had this last point happened above this has the potential to cause untold amounts of pain in the form of lost time, stress, monetary loss, fines, lawsuits and much much more.
So how do you avoid falling victim?
Obviously, you want to work with an IT Services or IT Support company with extensive cyber security experience that implements on going cyber security services to monitor the security of your professional services firm’s IT systems 24x7x365.
There must be a multi layered security approach across all your IT systems either in house, in the cloud or a hybrid system. The services must have guaranteed response times and you must know how long the data is going to be retained for.
While you have no control of your client’s cyber security controls and mechanisms, this is why you must have, ongoing 24x7x365 external security monitoring of your systems. This then allows us to detect when something has happened, even if a cyber criminal or hacker has tried, or succeeded, to delete the evidence of it occurring from your systems.
You also want to view your IT and Cyber security protections and overall technology platform as an investment into your professional services firm. One thing you may not be aware of is the return on investment in your professional services firm can produce 100% to 200%. An excellent return on investment in the stock market is between 6% and 8% per annum. Naturally, the investment in your professional services firm is the winning strategy. As a professional services partner or director, you must learn to think, make decisions and act as an INVESTOR if you truly want to get ahead, understanding the value of time. Especially your own.
Combine robust IT and cyber security solutions and secure the future of your professional services firm today.
Book a free initial consultation and let us show you
- How we deliver you enhanced peace of mind.
- How we can increase your team’s productivity.
- How we protect your personal and professional reputation as well as your livelihood.
- How to ensure you do not suffer the devastating consequences of a cyber-attack and we guarantee it.
- How to be a hero to your clients.
- How to get that return on investment you deserve from your professional services firm.