A prestigious, specialist solicitors’ firm suffered a data breach. The breach resulted in a fraudulent bank transaction attempt aimed at one of its clients.
The Solicitors Regulation Authority advised the firm to find an ISO 27001-certified cyber security specialist to rectify the breach and improve its cyber security for the future.
Intersys has extensive experience working with highly regulated industries including the legal sector. We recognise the added responsibility borne by legal firms to protect their information security when dealing with sensitive (financial and personal) client data.
Information security assurance is a core pillar of our service. Our own ISO 27001 certification ensures that we follow best practice in information security management systems, and this approach is behind our advice to clients as well.
We investigated the potential source of the breach and reviewed systems to ensure they were aligned with information security best practice.
We began by conducting a detailed information security analysis, which revealed that an employee’s mailbox had been compromised and used as a gateway for further hacking operations.
Our main recommendation was to enable multifactor authentication on all Office 365 accounts, which severely restricted the ability of external attackers to access email settings online.
The rest of our recommendations centred around what the client could do to improve its information security process and practices for a more robust security posture.
Our guidance covered everything from improving end-user device security and user policies to the importance of educating staff on how to recognise fraudulent or suspicious activity.
This tailored advice helped the firm to systematically improve its security and further reduce its vulnerability to future breaches.