Government trains lawyers and accountants in cyber threat

Lawers and accountants are identified as weak liinks in the cyber security chain when it comes to holding high value confidential data without adequate safeguards.

Government trains lawyers and accountants in cyber threat
Government trains lawyers and accountants in cyber threat

Digital Economy Minister Ed Vaizey has launched free training in cyber security for lawyers and accountants, who are often seen as the ‘weakest link' in corporate cyber defences.

The online training, announced on Tuesday, aims to make cyber security ‘”part of the day job” for the two professions, giving them information on how to protect themselves and their clients.

Ironically, the scheme picks up on advice from notorious whistleblower and Government scourge Edward Snowden - who said in July that lawyers, accountants and other professionals should do more to protect the sensitive data they handle through routine encryption.

Security firms have also been highlighting for some time how cyber criminals often attack these advisers, seeing them as a soft target who handle valuable commercial data for corporate clients, but lack the highest levels of cyber threat awareness.

Earlier this year, FireEye reported on the ‘Operation SnowMan' cyber espionage campaign, and previous DeputyDog and EphemeralHydra campaigns which targeted law firms among others. In March, Zscaler also identified an APT watering-hole campaign that used the website of a law firm that works with energy companies to plant the LightsOut exploit kit on its intended victims.

The Law Society, which is helping deliver the new training, admitted: “In today's interconnected world, cyber attacks are a threat to all businesses - and law and accountancy firms are particularly attractive sources of information for criminals. Commercial data, IP information and sensitive client data may all be targeted.”

The scheme is being funded by the Government's £860 million National Cyber Security Strategy. It covers what cyber security is, how it affects lawyers, accountants and their clients, cyber threats, phishing and hacking cyber attacks, and mitigating their impact.

It has been welcomed within the security industry.

Cyber expert Alan Woodward, an adviser for Europol and visiting professor with Surrey University's Computing Department, told SCMagazineUK.com: “The bottom line is I think it's an extremely good idea.

“The sort of information these professions hold is extremely sensitive and they are not necessarily aware of the steps they need to take. A lot of them are relatively small businesses and so have fairly basic IT and often don't have inhouse IT skills, so I think this is an excellent step to protect us all really.

“It's nice to see the Government doing something, they really are doing something tangible.”

Woodward also hoped the scheme could be extended: “This is particularly sensitive information but there are a number of other professions where it's also true. It would also be nice to see something similar being done in areas like the health professions. As we know there's been quite a few breaches on the health side.”

Launching the scheme, Ed Vaizey said: “Members of the legal and accountancy professions can be a target for cyber attacks. It's essential government and industry work together to protect UK companies from online attacks that can cause millions of pounds worth of damage.”

Law Society deputy vice-president Robert Bourns added: “Cyber crime has the potential to compromise both clients' and solicitors' data. Training to raise awareness and understanding for all involved in practice is an important part of protection.”

Bourne also urged lawyers to join the Government's Cyber Security Information Sharing Partnership, which shares cyber threat and vulnerability data.

Alongside the course for lawyers and accountants, the Government also launched free training this week to help smaller UK businesses understand information security and guard against fraud and cybercrime. The 'Responsible for Information' course for SMEs is available through the National Archives, which helped develop the course after previously providing information security advice to civil servants.