Member Article

Professional services firms must shut down security risks

DESPITE being highly sought after targets for computer hackers, the vast majority of law firms and professional services businesses fail to take adequate precautions when it comes to storing client data according to research by leading IT consultancy firm, ITWiser.

Research by ITWiser, which is a division of chartered accountancy firm Clough & Company, found that 90 percent of businesses don’t have sufficient IT security in place to protect client data from hackers, disgruntled employees and outsiders logging onto their networks.

The research looked at more than 60 of Yorkshire’s leading law firms and professional services providers, which often hold a wide range of sensitive data about clients including personal details, medical records and financial information.

Another survey from KPMG also that found 74 percent of IT and HR professionals, working at firms with more than 500 staff, believe cyber challenges require specialist skills and 70 percent admit they lack expertise when it comes to data protection and privacy. More than half said they would consider hiring a hacker or someone with a criminal record in order to overcome the problem.

Martin Clark, who heads up ITWiser and is certified to work as an ethical hacker, explains: “Nowadays computer hackers are continually in the news with a number of high-profile incidents taking place recently such as Microsoft’s hack and Sony’s blackmail attack. However, in most cases computer hackers can reap far higher rewards by targeting small organisations that hold valuable data and are unlikely to have layers of security and dedicated teams to protect their networks.

“This makes law firms and professional services organisations particularly at risk and we’ve seen several cases in recent months where hackers have entered systems and accessed a huge range of sensitive and personal data. The majority of these types of firms have very little security in place and in many cases, it’s the equivalent of leaving the office door wide open at night.”

Martin adds: “There are a huge range of precautions that SMEs can take to protect themselves and an ethical hacker can test the robustness of the network. In addition to installing standard security products, lots of security breaches are caused by employee behaviour, often without users even realising it, so all networks should use software to log behaviour and identify external devices that connect to it. None of these things cost the earth and will highlight potential security risks on an ongoing basis.”

ITWiser provides a full range of independent IT services including cloud computing, system audits, risk assessments, support programmes, network services, testing, security services and impartial advice when it comes to buying systems and equipment. For details about ITWiser and its services visit www.itwiser.co.uk

This was posted in Bdaily's Members' News section by Steven Wright .