Roger Jackson, the chair of the Legal Software Suppliers Association (LSSA), is warning law firms to counter cybercrime threats and to prepare for the withdrawal of support for Microsoft Windows XP, after which continued use of Windows XP might not meet SRA data security requirements.
Twice recently, law firms have been the target of emails purporting to originate from the Solicitors Regulation Authority (SRA) that did not in fact come from it. Spam emails such as these are known as “phishing”; they look very convincing and, unless closely scrutinised, appear genuine. These malicious emails often carry attachments containing malware.
Julian Bryan, of LSSA member company Quill, adds: “The recent email scam purporting to be from the SRA and targeting law firms demonstrates the need for constant vigilance and risk assessment amongst legal practices. The email concerned carried a cleverly named attachment which had all the hallmarks of an embedded virus. This incident demonstrates the ongoing battle between Microsoft and potentially malicious individuals who create viruses, malware and phishing scams.
“Law firms in particular need to be sure that their Windows PCs and servers are constantly updated and protected from such issues. This process is facilitated by Microsoft, who provide security updates to their supported operating systems. However, from 8th April 2014 – just a month away – support for Windows XP will be withdrawn. This means that Windows XP users will no longer be protected from new security threats, potentially creating risk for law firms. Practices should audit their IT infrastructure and assess their exposure to such risk created by the ongoing use of Windows XP in their business.”
Microsoft is withdrawing support for Windows XP on 8th April and is recommending that users move towards new platforms such as Microsoft 365. It is difficult for Microsoft to justify supporting an old version: the company invests in new platforms, such as Microsoft 365, and as users attach new peripherals to old software, the risk to the consumer and the cost of support for the software vendor both increase. However, many law firms still using Windows XP are not going to migrate to new systems overnight, and in many cases legacy software systems will need a lot of work to run on new systems. Continued use of Windows XP, however, might not meet the SRA’s data security requirements.
Another LSSA member, Dominic Cullis of Easy Convey, comments: “This is a major milestone because the versions of Windows and Office have been widely used in the workplace. Many firms have not adopted later releases from Microsoft. One way forward is to subscribe to Microsoft 365. Subscribers receive future upgrades, therefore ensuring out-of-date, unsupported software becomes a thing of the past. Another option is to move your software on to a virtual server with Windows and Office being provided by your legal software provider. With more and more solutions being delivered on a virtual server, users are free to work wherever a computer has internet access, therefore enabling more flexible working options.”
Phishing emails are not the only current cyber threat. Be very careful when logging in to any public WiFi network: you may not be connecting to the Starbucks or Costa Coffee network that you believe you are. Hackers and cybercriminals can create what is known as an “Evil Twin WiFi Hotspot”, which looks exactly like the bona fide WiFi network you intend to connect to, carries the same name and is virtually impossible to identify as a fake. By unwittingly using a rogue network instead of the genuine one, you expose your device, whether that be a laptop, tablet or smartphone, to criminals. To the user the fake network appears to behave normally, but it allows the criminal to eavesdrop on your network traffic, log keystrokes, steal account names and passwords, or redirect you to phishing or malware sites, fake financial websites and so on.
One way of protecting your data against an evil twin network is to use a Virtual Private Network (VPN). Historically, VPNs were limited to large corporates because of the costs involved, but personal VPN services are now available to end users on a monthly subscription basis. Another way of combatting a fake hotspot is to log on to your email and social networking sites only through secure, HTTPS-encrypted pages. Be careful with your own and your clients’ data; we would recommend that you never use public WiFi for banking or online shopping.
The message from the LSSA is to be vigilant, make sure your IT security systems are properly up to date and take all reasonable precautions to keep your data safe.