Contact Us On
Recently I had a firm contact me about an email that one of their solicitor’s had received from who they initially thought was from their client. The hackers or cyber criminals were impersonating their client and had access to an email trail. The question was raised how did they get access to the email trail and naturally, the firm was worried, their email system may have been compromised.
The email had walked straight past the Microsoft 365 email filtering and been delivered to the solicitor’s mailbox. Obviously, kudo’s needs to go to the solicitor in question for noticing the signs in the email that everything was not as it seems and raising it to the person within the firm responsible for IT. That person then contacted us to see if we could work out where things had fallen over.
Through an investigation process we were able to identify that their clients personal email account had recently had a password listed on the dark web 4 days prior. This combined with additional information provided by the firm led us to conclude that it was likely their client’s personal email had been hacked and contents either copied or forwarded to an outside email address.
I know you are thinking so what? What does this have to do with my professional services firm and why should I care? It can seem like this doesn’t affect you at all. There are a number of very important lessons in this situation.
- The need for ongoing cyber security awareness training and making sure your employees or team are aware of the warning signs especially with malicious emails
- The need to have multiple layers of cyber security protecting your professional services firm
- Without the multiple layers of cyber security services, we recommend clients have, it would not have been possible to detect the source
- It goes without saying, the firm may have fell victim to the malicious software link that had been sent to them by the cyber criminals or hackers in the email
Had this last point happened above this has the potential to cause untold amounts of pain in the form of lost time, stress, monetary loss, fines, lawsuits and much, much more. This was one of the most surprising aspects a CEO found after they suffered a ransomware attack, which you can read more about here.
In a separate incident the firm in question had the directors email account hacked about 6 months later. Unfortunately, this was after they had decided not to move forward with our ongoing services and had selected another, “cheaper” IT company to work with. In actual fact they were onto their fourth IT company at the time of this incident in the space of 6 months. From the directors hacked email account, the hackers then sent out a “Supplier Statement” email that was designed to capture more usernames and passwords from all his contacts.
Now this firm is based in a regional town in Australia and being from a country town myself originally, I know what they are like. Everyone knows everyone’s business, and this is the sort of thing that can bring a firm to it’s knees. It has the potential to massively damage the reputation of the director, his firm and that ultimately, can drastically negatively affect his income and that of his family. To read more about this click here and learn what to do instead.
In another consulting engagement we were brought into a 10-person law firm with 2 directors in Perth. During our standard processes we discovered that their existing broken system was costing them approximately $730,000 of lost billable revenue in one year. They had already spent $350,000 in software licensing fees. So there is over $1,000,000 and that doesn’t include their existing IT support company’s ongoing maintenance and hosting of that system, which was contributing to the lost billable revenue. That doesn’t include the additional costs they would have faced when they fall victim to a cyber-attack. If you want to read more about this example, you can do so here.
So how do you avoid making the same big expensive mistakes?
Obviously, you want to work with an IT Services or IT Support company with extensive cyber security experience that implements on going cyber security services to monitor the security of your professional services firm’s IT systems 24x7x365.
There must be a multi layered security approach across all your IT systems either in house, in the cloud or a hybrid system. The services must have guaranteed response times and you must know how long the data is going to be retained for.
While you have no control of your client’s cyber security controls and mechanisms, this is why you must have, ongoing 24x7x365 external security monitoring of your systems. This then allows us to detect when something has happened, even if a cyber criminal or hacker has tried, or succeeded, to delete the evidence of it occurring from your systems.
You also want to view your IT and Cyber security protections and overall technology platform as an investment into your professional services firm. One thing you may not be aware of is the return on investment in your professional services firm can produce 100% to 200%. An excellent return on investment in the stock market is between 6% and 8% per annum.
Naturally, the investment in your professional services firm is the winning strategy. As a professional services firm equity principal, partner or director, you must learn to think, make decisions and act as an INVESTOR if you truly want to get ahead, understanding the value of time. Especially your own. A little tip I’ve learnt over my journey, the value of your time is not the billable hourly rate you charge clients, it should be much, much more.
Would it be inconsiderate of me to ask when does it become irresponsible to not invest in your team with the right training and the right services from the right IT support company to protect your reputation and family’s livelihood?
Combine robust IT and cyber security solutions and secure the future of your reputation, your family’s livelihood and your professional services firm today.
Want additional resources to help you prevent or mitigate reputation damage, protect your family’s livelihood and ensuring you don’t fall victim to scams, phishing emails or cyber-attack? Click here now and sign up for FREE actionable, byte sized (sorry, bad IT pun) tips delivered straight to your email inbox that you can use to protect your reputation and family’s livelihood.
