How not to get grounded according to Practice Evolve
How not to get grounded.
Were you one of the millions of Microsoft PC users greeted with an immovable blue screen on Friday 19th July? Was your ‘out of office’ on but on arrival at the airport your holiday flight was cancelled? Could you remember your PIN when contactless payment didn’t work as you tried to buy your morning coffee? Or, more seriously, was your hospital appointment cancelled?
In the initial hours following the huge IT outage that led to global chaos, experts thought the issues had occurred as a result of a Microsoft update. It soon became clear that was not the case.
A faulty update.
The source was actually an update issued by CrowdStrike, a cyber security company that supplies cyber security software to millions of users. All of the computers that were affected were running its software. Once the update was installed, the computers were unable to run. Alas, the update had a bug caused by a malfunction in CrowdStrike’s quality control mechanism. Cue 20 hours of internet disruption that is anticipated to cost billions in insured losses.
But aren’t updates the right thing to do?
Yes, they absolutely are. If your software provider issues an update, you should always implement it as soon as possible. When software isn’t updated constantly, cyber attacks can occur. And then your law firm is at real risk of being grounded. This is why so many companies rely on platforms built and managed by companies such as CrowdStrike to ensure their computers are protected from malware and hackers.
A faulty update is rare and it’s not something you would ever be expected to pick up on. A provider will have systems in place that should spot any bugs before an update is made public. We must retain our trust in the process and the people behind it whilst remaining mindful of the latest cyber security developments.
There’s no room for complacency.
Please don’t get caught out thinking your firm will never be the target of a cyber attack. Attacks do happen and with unnerving regularity. Only last October, hackers took advantage of a flaw in Boeing’s Citrix System and consequently leaked data from the aerospace manufacturer. Citrix stated that a patch had previously been released that would have fixed the flaw had it been applied.
Boeing was one of more than 5,000 organisations that hadn’t yet applied the patch. Around the same time, managed services provider to the UK legal sector, CTS, was hit by a cyber attack thought to be caused by the same Citrix flaw. Over 80 law firms were affected.
How not to get grounded – apply the update.
By ensuring updates are applied as soon as they’re made available, your company has the best possible chance of foiling the perpetually circling cyber criminals. As outlined, it’s imperative that you continue to apply updates – or patches as they’re often known – to your law firm’s software. Keep up-to-date. Simple. That’s how not to get grounded.
Go update. Now.
Not applying an update or patch will leave your firm vulnerable. Having a robust update and patch process is integral to an effective cyber security strategy. The National Cyber Security Centre recommends this. It’s a key element of Cyber Essentials, a Government-backed scheme that is specifically designed to protect companies against the most common cyber attacks. So, give yourself a pat on the back if updates are a common occurrence. If they’re not, make it a priority that they are.
