Conveyancing companies are prime targets for cybercriminals because it's normal for them to move large amounts of money around all the time.
Reading up on a hack of a conveyancing company in Australia, Sargeants Knox Conveyancing, they would probably have made some of the classic security mistakes below, jeopardising their clients' deposit.
No Two Factor Authentication
Two Factor Authentication, mentioned multiple times here on the Response IT Blog, is a must-have for any cloud-based application. Microsoft supports a protocol called "SAML", which means you can protect any of your company web apps behind it. It means you no longer have to rely for security on a password, which can be guessed or brute forced.
No Updates or Ongoing Maintenance to Software / Hardware
Unfortunately, with devices being connected to the internet, an IT system is not a once-off cost. Purchasing the initial hardware and software is the first cost; however, both software and hardware should be maintained under a warranty to make sure they are able to get security updates. An unpatched server on the internet is an invitation for cybercriminals to get access to your organisation.
No Data Loss Prevention
A small to medium sized company will usually have no way to determine when data leaves their organisation. This is mainly due to their size: they can rely on trust to stop this happening internally. However, we have seen this crop up when a cybercriminal gains access as a user that has left and extracts information out of the company without there being any knowledge of it.
No Security Information and Event Management Product
A pretty new technology, and a must-have for any company, is a Security Information and Event Management product, which ingests all the logs from your IT environment and can detect suspicious activity to alert you on. For example, in Office 365 the creation of a rule to forward emails outside your organisation is not normal, so you are immediately alerted to check if this is valid.
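The forwarding-rule check described above, sketched as an added example (it is not code from the Response IT Blog or from any SIEM product). It assumes audit records exported one JSON object per line, in a layout simplified from the Office 365 audit log; the domain `example.com` and every sample record are constructed.

```python
import json

INTERNAL_DOMAINS = {"example.com"}  # assumption: your own mail domains
# Exchange Online operations and the parameters that send mail elsewhere.
WATCHED = {
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-Mailbox": {"ForwardingSmtpAddress"},
}
# Constructed sample records (one JSON object per line), not real log data.
SAMPLE_LOG = [
    '{"CreationTime":"2024-01-08T09:14:02","UserId":"alice@example.com","ClientIP":"203.0.113.7","Operation":"New-InboxRule","Parameters":[{"Name":"ForwardTo","Value":"smtp:collector@example.net"}]}',
    '{"CreationTime":"2024-01-08T10:02:41","UserId":"bob@example.com","ClientIP":"198.51.100.20","Operation":"New-InboxRule","Parameters":[{"Name":"ForwardTo","Value":"carol@example.com"}]}',
    '{"CreationTime":"2024-01-08T11:30:15","UserId":"carol@example.com","ClientIP":"203.0.113.7","Operation":"Set-Mailbox","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:carol.backup@example.org"}]}',
    '{"CreationTime":"2024-01-08T12:45:00","UserId":"dave@example.com","ClientIP":"198.51.100.21","Operation":"New-InboxRule","Parameters":[{"Name":"MoveToFolder","Value":"Invoices"}]}',
    'truncated line {"CreationTime":',
]

def external_addresses(value):
    """Return the addresses in a parameter value that are outside our domains."""
    found = []
    for part in str(value).replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def detect_external_forwarding(lines):
    """Return one alert per external forwarding target found in the records."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines rather than stopping the run
        watched = WATCHED.get(rec.get("Operation"), set())
        for param in rec.get("Parameters", []):
            if param.get("Name") in watched:
                for addr in external_addresses(param.get("Value", "")):
                    alerts.append({"time": rec.get("CreationTime"), "user": rec.get("UserId"),
                                   "ip": rec.get("ClientIP"), "operation": rec["Operation"], "target": addr})
    return alerts

if __name__ == "__main__":
    for alert in detect_external_forwarding(SAMPLE_LOG):
        print(alert)
```

Forwarding to a colleague inside the organisation and rules that only move mail to a folder raise no alert, so the person reviewing alerts only sees changes that send mail outside the company.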
No Investment in Spam Protection or Firewalls that support Threat Protection
With the age of the cloud, it is very easy for anybody to sign up directly to an email provider, who will also set up your domain for you to start accepting email. This, behind their normal internet connection, is the start of their small business IT system. Sometimes it never develops from here and best practices for these setups are never adhered to, which means down the line we see these sorts of basic systems being compromised.
No Phishing Training
Even if you have a state-of-the-art firewall, spam protection and anti-virus, it still won't protect you from a user accidentally falling for a phishing scam; entering their password on a malicious site gives the cybercriminal an entry into your organisation.