Infosec Cloud
Solutions. Services. Training.

Phillips Solicitors reinforces Cyber Attack Protection with Security Awareness Training and Testing

Phillips invests in end user IT Security Awareness Training and Testing, to protect both their own data and networks, and those of their clients.

Based in the heart of Basingstoke since 1986, the firm works towards achieving the best outcomes for their employees, clients and the local community. However, by holding client confidential and sensitive information, including financial details, Phillips, like all Legal Firms, is an attractive target for cyber criminals.

Aware of their responsibility to their clients, Phillips was one of the first law firms in Hampshire to be awarded Cyber Essentials Plus accreditation. The Cyber Essentials scheme identifies the security controls an organisation needs in place to help defend against Internet-borne threats.

A key element of the accreditation is to ensure all partners and staff understand security issues, applicable company policies and how to identify and terminate potential cyber attacks. To meet this need, Phillips initially planned to run their own security awareness training, but upon evaluating the market they chose the fully managed awareness training and testing service provided by Infosec Cloud.

Mike Worth, IT Manager, Phillips Solicitors commented: “The Infosec Cloud service was extremely competitive, yet more importantly offered a good, helpful service and strong understanding around Security Awareness and the impact on regulated businesses.”

Impressed by the results, Phillips has just recently renewed to continue the service for a third year, confident that all partners and staff are informed, empowered and cyber security vigilant.

Training and Testing

Infosec Cloud provides an integrated programme of online training and bespoke, random test phishing emails. Vulnerable employees who fall for the emails after the initial training are provided with immediate, remedial training.

This fully managed service has been designed by experts in cyber security and training. A dedicated team manages training delivery and tracking, and uses information in the public domain to build customised, test cyber-attacks.

Cyber Security Aware

Back in 2014, Phillips Solicitors were already improving staff awareness around cyber and data security. However, the firm quickly appreciated the necessity and benefit in delivering a structured and continuously reinforced Security Awareness Programme.

The firm chose to work with Infosec Cloud as the combination of awareness training and customised cyber-attack testing guaranteed a change in employee behaviour.

Plus, being fully managed, there were no additional demands on the IT team.

“Our security awareness has significantly increased and continues to do so as a direct result of the service Infosec Cloud provides. Their methodical approach along with expertise ensures that we achieve a measurable return on investment,” added Mike Worth, IT Manager, Phillips Solicitors.

Since purchasing SATT from Infosec Cloud, Phillips has purchased other services and is looking to further strengthen the relationship. Phillips has been impressed by Infosec Cloud’s extensive cyber security expertise, industry knowledge and understanding of specific client requirements.

Infosec Cloud is an established IT Security reseller and managed services partner. The company offers a comprehensive portfolio of cloud-based, hybrid and on-premise IT security, productivity and compliance solutions, plus video-based, measurable employee security and GDPR awareness training.

    Cyber Security Awareness Training & Testing (SATT) shortlisted for British Legal Awards

    Infosec Cloud is delighted to have been shortlisted for this year’s British Legal Awards. The company’s Security Awareness Training and Testing (SATT) managed service has been recognised as a finalist for the Supplier of the Year (Technology) Award.

    Organised by ‘Legal Week’, the awards will be judged by an independent panel of judges made up of senior in-house lawyers, former managing and senior partners and other senior business figures.

    Infosec Cloud’s entry focuses on the company’s Legal Sector Security Awareness Training and Testing (SATT) managed service, developed to stop IT End Users causing security incidents.

    Holding high value information and financial details, Legal Practices and Partnerships are particular targets for cyber criminals. Plus Firms have a high proportion of senior staff members who may be reluctant to follow corporate security procedures, and staff are under increasing time and workload pressures, making them even more vulnerable to today’s sophisticated cyber-attacks.

    To help the legal sector protect their data, clients and reputation, and following an in-depth market evaluation, Infosec Cloud developed their own fully managed Security Awareness Training and Testing (SATT) service. The service was launched in 2014.

    Today, nearly 80,000 IT End Users, across the UK, are enrolled on the Infosec Cloud SATT service. Legal customers include many of the top 200 law firms and all grade the service as ‘meets or exceeds expectations’ (quarterly satisfaction survey). The SATT service is applicable to organisations of all sizes, whether national or regional, plus the company is working with both LEXCEL assessors and Law Firm Networks.

    Commenting on the awards, Infosec Cloud Managing Director, Pete Sherwood says: “Being shortlisted for this award is great recognition for the service we have developed and the value it is providing to the Legal Sector in terms of keeping Firms and Partnerships cyber safe”.

    Security awareness training is not new; however, the way that it is delivered, tracked and kept front of mind by Infosec Cloud is new. The SATT service comprises both training and ongoing testing with focused remedial training. The company has invested in a dedicated SATT team that researches, builds and tracks the simulated cyber-attacks, with bespoke content created for each customer.

    The SATT service is fully managed so that there are no additional time requirements for the IT team. Plus as an ‘independent’ third party, Infosec Cloud ensures all staff, regardless of seniority, are included.

    The British Legal Awards serve as a showcase for the achievements of one of the country’s most successful sectors. Hosted by Legal Week in association with The City of London Law Society, the glittering awards ceremony is attended by 1,000 lawyers, representing the cream of the UK’s legal community. This year’s ceremony will take place on Thursday 30 November at Finsbury Square, London EC2.

    Implications of the Equifax Data Breach

    Credit-reporting company Equifax Inc. disclosed last Thursday that cyber criminals had gained access to some of its systems, compromising the personal data of up to 44 million British consumers.

    The information commissioner has said that it is investigating how the hack on Equifax, a US credit rating firm, affected UK customers, many of whom will be unaware their data is held by the company.

    Equifax and its UK subsidiary companies state on their websites that they represent British clients including BT, Capital One and British Gas.

    This latest data breach will lead to a spate of phishing emails with credit card related themes, which are sometimes very hard to resist because money is at stake. Training employees to correctly spot social engineering hooks is essential.

    How many of your employees would click on this email:

    Equifax Notification Email

    Everyone needs to look out for:

    *  Phishing emails like the example above that claim to be from Equifax
    *  Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
    *  Calls from scammers that claim they are from your bank or building society
    *  Fraudulent charges on any credit card because your identity was stolen

    ICO Deputy Commissioner James Dipple-Johnstone, said: “We are already in direct contact with Equifax to establish the facts including how many people in the UK have been affected and what kind of personal data may have been compromised. We will be advising Equifax to alert affected UK customers at the earliest opportunity.”

    A spokesman for BT said: “We are aware of the developing story and are monitoring the situation closely. Like many companies in the UK, BT uses Equifax services. We are working on establishing whether this breach has any impact on those services.”

    Find out how to ensure your IT end users are cyber-security aware >> http://www.infosec-cloud.com/security-awareness/

    Infosec Cloud builds Staff Security Awareness at Poole Grammar School

    School achieves Top Marks for Staff Security Awareness Training & Testing.

    Infosec Cloud started working with Poole Grammar School (PGS) in early 2016, to train staff to spot fraudulent emails and websites, and to be alert to the full range of today’s potential cyber attacks.

    After a very successful 12 months of providing Cyber Security Awareness Training & Testing (SATT), PGS has recently renewed the service for another year. All training materials and phish tests are continually updated to reflect current day threats, so continuing the service will ensure staff remain fully alert and vigilant.

    Having successfully completed 12 months of training and testing, PGS staff are pro-actively helping to protect the school plus its connected suppliers, partners and families.

    PGS is a selective, boys’ grammar school and academy in Poole, Dorset. The school has 1200 pupils, aged 11 to 18, with an appropriately sized teaching, support and leadership team. IT Network Manager, Jeff Hay, was acutely aware of the risk of potential cyber security attacks on the school: attacks that could result in criminal access to confidential information or the launch of a costly ransomware attack.

    In fact in January 2017, Action Fraud, the UK’s fraud and cybercrime centre, reported that cyber criminals were targeting UK schools, demanding payments of up to £8,000 to unlock data they had encrypted with malware.

    With the increasing frequency and sophistication of cyber attacks, the biggest threat is actually people’s lack of information and naivety. It can take just one click to compromise an entire school’s networks and data.
    Jeff Hay, IT Network Manager, Poole Grammar School.

    However, working at one of the country’s top schools, Jeff understood that training alone is not enough. Day to day behaviour can only be changed by a combination of training and targeted testing. The very fact that staff know they will be tested makes sure they remain extra vigilant so as not to be ‘caught out’.

    That’s why PGS selected Infosec Cloud to provide their fully managed Cyber Security Awareness Training & Testing service.

    Fully Managed Service:

    Infosec Cloud provides PGS with cyber security awareness training and testing as a fully managed service. This ensures all staff, from the Head Teacher down, are included in the program. All PGS needed to do was to provide Infosec Cloud with an Excel spreadsheet of staff names and email addresses.

    Integrated 12 month program:

    High quality, bite-sized video training is delivered online at the desktop, with an integrated 12 month program of bespoke test phishing emails.

    Vulnerable staff who fall for the emails after the initial training are provided with immediate, relevant remedial training.

    The training has heightened everyone’s awareness and hopefully staff will delete the threat before we have to fall back on PC security, Antivirus, or in the worst case, backups. Even better is that the staff now know how to respond if they have opened an attachment or followed a suspect link. This gives the IT Team a fighting chance of nullifying the threat!
    Jeff Hay, IT Network Manager, Poole Grammar School

    The 12 month program comprises:

    1. Initial baseline phishing email test
    2. 15 minute Video Training for all staff – delivered online
    3. 11 month program of random test phishing emails
    4. 40 minute remedial training for vulnerable staff members (those who still click after the training)
    5. Monthly reports and full program management

    Infosec Cloud also provided internal communications for school staff explaining the training and testing process, and why everyone needs to remain vigilant at all times, plus guidelines for Jeff to handle any staff concerns.

    Results and Reports

    All staff were trained within the first three months and after training the average click rate was reduced to 4%, down from the initial baseline of 55%.

    Jeff receives monthly updates detailing the staff training status and who has clicked on deceptive links, opened potentially malicious attachments and entered logon credentials to spoofed landing pages. All this information remains confidential and is only used to provide vulnerable staff members with additional training.

    2016 Research – Cyber Attacks on Law Firms Increasing

    73% of top 100 law firms targeted in 2016

    The 2016 PwC Law Firms Survey reports that an increasing number of security incidents are being experienced across the UK legal sector. The research found that 73% of the UK top 100 law firms were the target of attacks last year.

    Although larger firms are the greatest target, all law firms are targets for cyber-crime due to the confidential information held and the large volume of client funds retained. The very nature of law firms makes them an attractive target.

    Key findings:

    *  Information security is a significant area of risk to the legal industry with 73% of all law firms reporting they had suffered from a security incident.
    *  The most common incidents relate to phishing attacks (malicious emails) and infection by viruses/malicious software, with 84% and 55% of firms respectively stating they have suffered one such incident during the past 12 months.
    *  Whilst there is an increasing threat from outsiders, 41% of all law firms report that they have suffered incidents as a result of their own staff.

    Security awareness training and simulated, random cyber-attack testing is proven to actually change staff behaviour and build a human firewall of vigilant, empowered employees.

    Are employees your greatest risk?

    The Business Debate: Can the greatest asset of a business also be one of its greatest risks?

    Interview with Paul Hopkins, Technical Director, Institute of Risk Management.

    Luscombe Drinks refreshes staff Security Awareness

    Luscombe Drinks invests in end user IT Security Awareness Training and Testing, to protect both their own data and networks, and those of their connected suppliers and customers.

    Luscombe is ensuring all their employees are informed, empowered and vigilant against today’s online and physical cyberattacks with company-wide Security Awareness Training and Testing.

    Luscombe is aware that not only could sensitive or confidential data, such as details of their recipes and processes, be breached, but that a ransomware attack could result in major operational disruption with subsequent loss of business, customers and reputation.

    The company has been producing quality fruit drinks since 1975. All drinks are crafted with exceptional care and integrity. There are no compromises, only the best goes in the bottle.

    When Luscombe decided to train their employees to be security aware, they contacted Infosec Cloud to deliver their fully managed end user Security Awareness Training and Testing (SATT) service.

    Fully Managed Service

    Infosec Cloud provides the training and testing as a fully managed service. This ensures all employees, including the IT team and senior management, are included in the programme. All Luscombe needed to do was to provide Infosec Cloud with an Excel spreadsheet of employee names and email addresses.

    Integrated 12 Month Programme

    Infosec Cloud is delivering the video-based interactive online training with an integrated 12 month programme of random test phishing emails. Vulnerable employees who fall for the emails after the initial training are provided with immediate, remedial training.

    The 12 month programme comprises:

    1.    Initial baseline phishing email test
    2.    15 minute Video Training for all employees – delivered at the desktop
    3.    11 month programme of random test phishing emails
    4.    40 minute remedial training for vulnerable employees (those who click)
    5.    Monthly reports and full programme management

    Infosec Cloud provided Luscombe with internal communications explaining the training and testing process, and why employees need to remain vigilant at all times, plus guidelines for the IT Helpdesk, used to handle any employee concerns.

    Wayne Martin, IT & Engineering Manager, Luscombe Drinks said: “There are many companies offering Security Awareness Training, however the Infosec Cloud programme is different, and has actually changed our employees’ behaviour. The combination of training and simulated cyber-attacks, such as phishing emails, is certainly keeping us all on our toes.”

    Training Videos

    Within two months, all Luscombe employees had completed the training. The training videos, delivered at the desktop, include real-life examples and scenarios. The videos can be paused and replayed as needed, and cover:

    1.    Your Role – Internet Security and You
    2.    Common Traps – How Criminals Try to Trick You
    3.    Red Flags – Warning Signs That Alert You
    4.    Danger Zone Exercise – Find the Red Flags

    Wayne Martin continued: “Our employees all liked the training videos as they were able to watch them at their own pace and when most convenient. They are now applying this knowledge in their day to day jobs.”

    Security Awareness Training and Testing helps build a human firewall. Interactive training is delivered at the desktop and reinforced with random, simulated test cyberattacks, such as tailored phishing emails.

    Now at month four, the Luscombe Drinks employees’ phishing email click through rate is down to zero. The testing and training cycle will continue, with users seeing different phishing emails, every month, at random. There may be some further ‘clicks’; however, the trend should be a constant, low click rate.

    The results show how a combination of web-based training and frequent simulated phishing attacks really works.

    Luscombe Drinks has found that a small investment in end user Security Awareness Training and Testing means they can safely concentrate on doing what they do best, making drinks that are a real pleasure to taste.

    About Luscombe Drinks
    Luscombe Drinks has been making beautiful drinks since 1975. Based on a farm in deepest Devon, all of the drinks are crafted with exceptional care and integrity. Gabriel David, the head of the family-owned business, sources the ingredients direct from growers he trusts. There are no compromises, only the best goes in the bottle. http://www.luscombe.co.uk/

    Recognise phishing emails, links, or phone calls

    Phishing emails, websites, and phone calls are designed to steal money and data. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

    Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

    What does a phishing email message look like?

    Here is an example of what a phishing scam in an email message might look like.

    Phishing email example image

    • Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organisations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam.
    • Beware of links in email. If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address. Links might also lead you to .exe files. These kinds of file are known to spread malicious software.

    Malicious link image

    • Threats. Have you ever received a threat that your account would be closed if you didn’t respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised.
    • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.

    Beware of phishing phone calls

    Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license.

    Once they’ve gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

    Treat all unsolicited phone calls with skepticism. Do not provide any personal information.

    Report phishing scams

    If you receive a fake phone call, take down the caller’s information and report it to your local authorities.

    You can use Microsoft tools to report a suspected scam on the web or in email.

    • Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
    • Outlook.com (formerly Hotmail). If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Outlook inbox. Click the arrow next to Junk and then point to Phishing scam.
    • Microsoft Office Outlook 2010 and 2013. Right-click the suspicious message, point to Junk, and then click Report Junk.

    You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

    Source: http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx

    Phishing emails and bogus contact: HMRC examples

    If you think you have received a HM Revenue and Customs (HMRC) related phishing / bogus email or text message, you can check it against the examples shown in a free HMRC Guide.

    It will assist HMRC investigations if you report all ‘HMRC related’ phishing emails and bogus text messages to HMRC. Even if you receive the same / similar phishing email or text message on multiple occasions, please forward it to [email protected] and then delete it.

    Do not open any attachments or click on any links within the email or text message, as they may contain malicious software or direct you to a bogus website.

    End User Security Awareness Training – at less than £1/user/month

    Now is the time to invest in Security Awareness Training, so that your end users understand the mechanisms of:

    • Spam
    • Spear Phishing
    • Pop ups
    • Malware
    • Social engineering
    • Phishing
    • Website Security
    • Adverts
    • Ransomware
    • Physical security

    The consequences of failing to do so go well beyond bad headlines. One significant data breach can lead to lost jobs, substantial legal costs, non-compliance penalties, loss of brand reputation, customer loss, and a catastrophic hit on the bottom line. You only need to read the latest news to see why it is imperative that you take action today to protect your company and your employees.

    Every company needs to invest immediately in results-driven security awareness training for all employees – from the CEO down…

    Infosec Cloud provides fully managed Security Awareness Training reinforced by frequent simulated, randomised cyberattacks to help organisations create cultural change and build a human firewall.

    Defending Law Firms from Cyber-attack Conference 10 May: Manchester

    With the 2015 Information Security Breaches Survey estimating that 90% of corporations have experienced a cyber security breach in the last year, cybercrime is a national scale problem that requires immediate action.

    Cybercrime costs the UK around £27 billion every year and although some government action has been taken to stem this financial haemorrhage, it remains a growing threat.

    Law firms are particularly vulnerable to this criminal activity, as they often deal with the kind of sensitive information targeted by fraudsters.

    For this reason, businesses must take measures to protect themselves, safeguarding their digital infrastructure with appropriate software and staff training.

    Attend the Defending Law Firms from Cyber-attack Conference, where high level speakers from government, Law and cyber security will be presenting their views on how to defend law firms from cyber-attack. Topics covered shall include the threat cybercrime poses to law firms, why law firms are particularly at risk and how law firms can protect themselves from attack.

    In the meantime – find out why more and more law firms are choosing the Infosec Cloud fully managed End User Security Awareness Training service.

    Our guaranteed, web-based interactive security awareness training combined with frequent simulated phishing attacks, live demonstration videos and short tests makes sure employees understand the mechanisms of spam, phishing, spear phishing, website security, pop ups, adverts, malware, ransomware, social engineering and physical security.

    This is a fully managed service which requires virtually nothing from you or your team – all you have to do once you have placed the order is provide us with a list of your users’ email addresses.

    We create all the content and simulated attacks and track the results – all of which are reported back to you. And all for less than £1/user/month.
