Sign Up for our Free Newsletter
menu
Solicitors Journal Homepage
Managing DirectorTechn22
Quotation Marks

… how do you ensure that all your users who connect remotely, are bona fide users, and not someone who has hacked a compromised account?

Cybersecurity for solicitors

Mon Oct 31 2022Feature
Cybersecurity for solicitors

Gareth Dalton explains his work to protect firms from cyber breaches

The covid-19 pandemic saw a significant increase in the adoption of remote working, with employers offering the tools required to facilitate this shift in working practice. More and more businesses now see the agile advantages of running their platforms within a hosted or cloud environment, with users able to access information and data from the majority of internet-connected devices, such as laptops, tablets and smartphones. 

Whilst having on-premises infrastructure by no means guarantees a secure environment (far from it in fact), how do you ensure all your users who connect remotely, are bona fide users, and not someone who has hacked a compromised account? 

With data breaches and compromised user credentials steadily increasing over the past decade, hackers are being completely indiscriminate when abusing this data. They don’t care who it is or what the business does – if they can exploit it, they will.

Data

A recent report by the Department for Digital, Culture, Media & Sport (DCMS) found “in the last 12 months, 39 per cent of UK businesses identified a cyber attack, remaining consistent with previous years. More so, it suggested it is businesses with enhanced cyber security that make up this number, suggesting less cyber-mature organisations are underreporting.

“Of the 39 per cent who identified as being attacked, the most common threat vector was phishing attempts (83 per cent). This is where a form of communication such as email is used to solicit user credential information. 

“Around one in five (21 per cent) identified a more sophisticated attack such as malware, denial of service or ransomware attack with 56 per cent of these businesses having a policy not to pay a ransom.”

There are a number of solutions your firm can adopt to help you with cybersecurity, particularly around the security of user accounts. Securing this user gateway into your systems is paramount, especially as the human aspect of unwittingly falling for a phishing attempt and publishing user credentials is on the rise, as these emails get increasingly sophisticated and difficult to spot.

Multifactor Authentication (MFA)

This additional security layer to the user sign-in process is becoming more and more common within businesses of all sizes. 

Generally, we find users are initially resistant to change – but, in reality, it quickly becomes part of the routine. You need to remember MFA has been around for many years now, but is normally associated with financial institutions such as banks, pension providers and investment savings. 

MFA is applied after the user enters their username and password. Before access to your systems is granted, a further authentication method is presented to the user, which they will have to pass in order to successfully log in. 

This authentication method could be in the form of a text to a nominated mobile phone, an automated call to a nominated landline, or to an app on a mobile device, which may require modern techniques such as biometric or facial recognition.

Should the situation arise where your credentials are leaked, the chances of a potential hacker also having access to a separate authentication method are low, thus reducing the risk of a security breach.

In addition to MFA, a further step to secure your systems could be to introduce some risk management in the form of Identity Protection. This is available on the Microsoft Azure platform.

Microsoft Azure ‘Active Directory Identity Protection’

Azure is a cloud platform provided by Microsoft. It offers a range of business cloud and virtual services, including storage, analytics, networking and computing. Azure Active Directory is the service that controls your users' access to Azure, via a Windows Virtual Desktop application.

A compromise of Azure Active Directory exposes your business’ infrastructure and creates a significant area of attack leading to data breaches, loss of brand reputation and a financial loss to the business. Previously, the weakest link in systems security was the human element through phishing or malware.

Microsoft Azure Active Directory Identity Protection helps detect, remediate and investigate potential issues with unauthorised access, enabling your firm to stay on top of suspicious sign-in behaviour within your environment. It does this by allowing environment administrators to accomplish certain key tasks:

1. Automate the detection of identity-based risks

Automation is an important part of identifying risks efficiently. Risk policies are created to set the criteria for what may be classed as a risky user. Risk can be detected at a sign-In and user level both in real-time and offline. 

Sign-in Risks

As Microsoft describes it, a sign-in risk is the probability an authentication request wasn’t authorised by the identity owner. Every Azure Active Directory sign-in undergoes real-time assessment to calculate user and sign-in risks, which can be none, low, medium, or high. Organisations can define sign-in risk-based policies to automatically remediate sign-in risk – a sign-in can be blocked, or a user can be required to use MFA to confirm their identity. 

An example of this may be two attempted sign-ins from geographically distant locations, where at least one of the locations is the typical location for a user, given previous login behaviour. It will also take into account the time between the locations, highlighting the fact it would be impossible to travel that distance between sign-in locations.

Another example would be a sign-in attempt that differs from the norm. Azure stores information about previous sign-ins and will trigger a risk detection unfamiliar to Azure. These unfamiliar circumstances could be IP, location, browser, or device-based. New users will automatically be in ‘learning mode’ for a dynamic period long enough for Azure to gather enough information about the user’s sign-in patterns.

User Risks

User risk is the probability an identity is compromised. Much like when evaluating sign-in risks, Azure Active Directory Identity Protection analyses suspicious actions every time a user signs in. Organisations can define risk-based policies to automatically remediate user risk - a user can be blocked, asked to pass a MFA challenge, or made to securely change their password.

An example of this may be leaked user credentials. When your credentials have been compromised, these would normally be published on the dark web or traded on the black market. The Microsoft Leaked Credential Service monitors these areas and is then checked against Azure Active Directories current valid credentials. If it detects a leak, the account will be disabled for investigation.

In addition to sign-In and user risks, Microsoft monitors known attack patterns across its global Azure user base and applies this internal knowledge as well as those from external intelligence sources into its algorithms.

2.  Investigate Risks

Once Microsoft Azure Active Directory Identity Protection has identified and contained the risk, it needs to be investigated. System administrators are notified of the risks where manual action can be taken, if needed. 

Administrators are informed about the users at risk, details about the detection, a history of all risky sign-ins and the risk history. Action can then be taken to either reset the user password, confirm the user has been compromised, dismiss the user risk or block the user from signing in.

Conclusion

Referring to the report mentioned above, the DCMS concluded: “cyber security is now seen as a high priority by a greater proportion of businesses than in previous years driven by a good high-level understanding at the senior level of the risks of cyber-attack and the use of cyber security experts helping organisations practice good cyber hygiene.”

However, the DCMS report continues – there “remains a lack of technical know-how expertise within smaller organisations. Many organisations remain in a reactive approach to cyber security rather instead of proactively driving improvements.” 

Additionally, the report goes on to say that “organisations do not tend to engage with industry standards such as Cyber Essentials. Uptake for these is still in the minority. There is a low awareness overall, and those that are aware do not feel accreditations are tailored enough for their needs, meaning they cannot meet criteria.”

The introduction of MFA  drastically reduces the risk of compromised accounts being hacked. Introducing it into your environment should not be the headache it is maybe perceived to be, especially if you explain users have been using MFA for years for online banking and purchases.

Adding Microsoft Azure Active Directory Identity into the equation, if your platform is Azure, creates a robust, intelligent environment that will keep you, your firm and your users safe.

Gareth Dalton is managing director of Techn22, offering bespoke IT Support and iSolutions designed to support businesses in effectively deploying IT and cloud technologies enabling end-users to achieve their strategic goals: techn22.co.uk

Tags:
AdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisement
Latest News

Parents and carers to be given new employment protections

Fri May 26 2023

Committee finds plans to level up the country risk failure due to funding concerns

Fri May 26 2023

Government consults on enforcement mechanisms for animal health and welfare offences

Fri May 26 2023

Government expands legal aid eligibility

Thu May 25 2023

Council of Europe identifies serious concerns affecting minorities in the UK

Thu May 25 2023

ONS finds international migration to the UK hit new high in 2022

Thu May 25 2023

Government consults on plans to reduce reporting burdens on businesses

Wed May 24 2023

Committee report finds government not taking harms from alcohol seriously enough

Wed May 24 2023

Committee seeks views on the Digital Markets, Competition and Consumers Bill

Wed May 24 2023
Featured
A closer look at the trademark dispute between retail giants Lidl and Tesco
FeatureThu May 18 2023
A closer look at the trademark dispute between retail giants Lidl and Tesco

Angela Jack dissects the recent ruling in Lidl Great Britain Ltd & others v Tesco Stores Limited & others [2023] EWHC 873 (Ch)

The UK maternity care crisis: £5bn in avoidable damages claims
FeatureThu May 18 2023
The UK maternity care crisis: £5bn in avoidable damages claims

Billions of pounds in NHS damages claims could have been avoided had recommendations from past reviews been followed by action, argues Kerstin Scheel

Understanding Chinese underground banking and the risks
FeatureThu May 18 2023
Understanding Chinese underground banking and the risks

Laurence Howland explores the mechanisms of Chinese underground banking and the red flags

The building blocks for a successful collaborative culture
FeatureThu May 18 2023
The building blocks for a successful collaborative culture

Chris Marston explores the ways in which law firms can establish a powerful collaborative culture

SJ Interview: James Fulforth
SJ InterviewThu May 18 2023
SJ Interview: James Fulforth

The Solicitors Journal spoke to James Fulforth, Kingsley Napley’s newly appointed Senior Partner, about his experiences in the law, his thoughts on the UK’s tech sector and what he hopes to achieve in his new role

Long-awaited reports and controversial bills dominate
ForewordTue Apr 25 2023
Long-awaited reports and controversial bills dominate

Sophie Cameron takes a look at the news in the April Foreword