Law in Order is now in week two of its hacking / ransomware crisis.
The company had to shut down systems, disrupt operations and face a public relations nightmare. As its systems are brought back online, the company has not disclosed whether it paid the blackmailers.
In its latest update (3/12/20) Law in Order advises:
We have already taken additional steps to enhance the security of our network, including:
- Deployment of advanced endpoint monitoring across all servers and workstations
- Improved log collection, correlation and monitoring
- Password changes and implementation of multi-factor authentication
We are continuing to review what additional steps we can take to improve the security of our systems and will continue to implement improvements in the coming weeks. We have received no reports, nor identified any evidence to indicate that any Law In Order client network has been attacked as a result of this incident.
When this incident occurred, we implemented a response strategy to investigate the threat actor’s activities, safely restore our systems and prevent potential disclosure of client information. We are continuing to monitor and manage the situation closely, and if we have concerns about, or if we identify any data misuse, we will be in touch with the affected organisations or individuals directly.
Law in Order is perhaps now better placed than ever to give advice to others:
…. we remind everyone to be vigilant about cyber safety and follow best practices. Be alert to telephone, SMS, email and social media phishing scams requesting personal information or payment of money. Never open attachments from unknown senders, and always check that any email is legitimate before responding. If you receive a suspicious email from a known source, especially regarding the transfer of funds, contact the recipient via another trusted channel using their usual contact details such as their telephone number, to obtain verification.
Cybersecurity and fraud awareness webinar
A timely webinar, in no way related to the Law in Order incident, is being put on by legal IT, provider Practice Evolve.
The webinar will cover:
- The main threats facing law firms from cyber and fraud attacks
- Examples of cyber and fraud attacks targeting UK businesses and key lessons learnt
- Guidance on the critical steps to avoiding a cyber or fraud attack
Webinar date and time: Thursday, Dec 10, 2020 11:00 AM