You may have seen that we recently posted a short piece about our approach to Managed IT for the legal sector - one of the key points discussed was our focus on Microsoft and Citrix technologies. In this week’s blog I want to look into this area in a little more detail.
A few weeks ago we wrote in one of our blogs, cyber-security-lessons-for-law-firms “….for law firms the safety and security of their own and clients’ data is not only a legal and compliance requirement, it is also essential to their….survival.”
Why are law firms such an attractive target for hackers?
This is a question worth considering because the reasons behind the hacking of law firms can serve to better illustrate the security needs peculiar to law firms.
Take the example of New York law firms Cravath Swaine & Moore and Weil Gotshal & Manges. According to reports in the Wall Street Journal and Fortune during 2016 both these prestigious firms were hacked in an insider-trading scheme that involved planned mergers. The motive was clear, financial gain. And what better way to get information about future corporate mergers than to target firms active in the M&A market. Both firms it should be said denied that there was evidence of anyone benefiting from the hack although they did not deny that there had been a hack.
In 2012 Bloomberg reported that Wiley Rein, one of the largest law firms in Washington, DC was hacked - reputedly by Byzantine Candor, linked to the Chinese People’s Liberation Army. Of course accusations of cyber attacks by nation states are easy to make but harder to prove. At around the same time twenty other companies including nine law firms were hacked by the same or linked groups. The motive was apparently industrial espionage and the reason these specific law firms were targeted is instructive to consider.
All the law firms hacked were engaged in activities relating to China: pursuing trade claims on behalf of US firms against Chinese exporters or acting on behalf of oil & gas companies drilling or bidding for drilling rights in seas near or claimed by China. In the case of Wiley Rain the firm was acting on behalf of SolarWorld which at that time was also hacked by the same group (Byzantine Candor). Why?
SolarWorld was scaling up for mass production of Passivated Emitter Rear Contact (PERC) solar cells, one of the first manufacturers in the world to do. At the same time they were fighting a trade case against the importation of solar cells from China citing unfair competition. Engineering and other IP was stolen and coincidentally a Chinese solar cell manufacturer brought a PERC solar array to the market 18 months before they were expected to do so.
Wake up call
It may surprise you that up to 80% of IT security breaches may originate in the supply chain. Some of the most high-profile hacks were at Target, Home Depot, Sony, Sears and JP Morgan Chase. The scale of the hacks are staggering. The Home Depot hack involved the compromisation of 65 million customer accounts and JP Morgan Chase had an impact on 7 million businesses. Perhaps the most interesting was Target, not only did the hackers gain access to the personal information of some 70 million customers but the manner in which they did so is illuminating. They breeched security by stealing network credentials from Fazio Mechanical Services, a provider of heating, ventilation and air conditioning (HVAC). How did they steal them? By stealing credentials from a supplier to Fazio. So at two removes Target was compromised through its supply chain. The other noteworthy point was that this was a HVAC supplier, what could have been stolen if it was a firm of external auditors doing work in Target, or a management consultancy – a corporation the size of Target surely had a few management consultants working on something at any one time. Or even more lethal, the law firm(s) used by Target.
Why it's so important
For law firms the safety and security of their own and clients’ data is not only a legal and compliance requirement, it is also essential to their growth - and even survival. You only need to think of the recent ‘Panama Papers’ hacking news story at the law firm Mossack Fonesca, which earlier this year announced it would cease trading, to appreciate just how important it is.
Anyone working within or for the legal sector know that legal professionals today are under a lot of pressure to be more responsive, more efficient and more cost-effective. This is all set against a backdrop of rising security threats and more technology options than ever before.
Today (Friday 25th May), is the day when the European Union’s General Data Protection Regulation — better known as GDPR — officially takes effect. Its effects have been far reaching and you’ve no doubt been bombarded with emails from services and products you use or own because of it.
Despite some people claiming they never have enough time, we all share the same 24 hours in a day. And now, more than ever perhaps, it seems like those 24 hours are just not enough. In the digital age, people feel more overwhelmed than ever and most of us would love more time – not necessarily time to do more work, but more time to do what we love. Microsoft have recognised this and made Windows 10’s most recent updates geared towards helping you reclaim the most precious of assets – time.
Virtuoso is delighted to announce that we have become a Corporate Partner of the Royal Aeronautical Society, the world’s only professional body dedicated to aerospace.
Founded in 1866 and with its HQ in Mayfair the Society promotes the highest professional standards and provides a central forum for sharing knowledge. This is one of the reasons why Virtuoso, a much younger organisation but with a similar approach to standards and knowledge, decided to become a Corporate Partner.
Other considerations are the many briefings (open only to Corporate Partners) with a wide range of speakers and topics as well as the excellent networking opportunities these offer to our clients. The quality and range of meeting rooms and hospitality gives Virtuoso the opportunity to host customer meetings in the heart of Mayfair in surroundings that contribute to every discussion.
Virtuoso is proud to sponsor the Honourable Company of Air Pilots London Schools Gliding scheme.
This offers students of secondary schools and academies in London the opportunity to take part in a heavily subsidised day out at a British Gliding Association (BGA) Gliding Club. For only £8 each (the commercial rate is usually £90-100) students will receive a flight in a glider under the instruction of an experienced qualified instructor.
Smiles are the order of the day and not just because of the excitement of flying! Students enjoy the structured environment of an operational airfield and grow in confidence as they engage with others including the committed and enthusiastic volunteers without whom this scheme would not be possible.
Feedback from schools has been very positive as students develop teamwork and communication skills and start to see broader horizons and new education and career options.