Researchers from Atlas Cloud, a company that provides IT services to the recruitment and legal sector, has published research showing that nearly three-quarters of UK law firms have employee username and password combinations in lists in the darkest places on the internet.
They found that of the 5140 firms audited, 72.2% had at least one instance present on these lists. A total of 1,001,313 passwords relating to UK firms were found in the study.
Atlas Cloud have warned that cybercriminals who use this side of the internet could use the information to access a firm’s IT systems, and therefore access to valuable data or transactions.
The UK-based based company compiled these findings while auditing firms for breached passwords, protection against phishing and email hijack protection. They also assessed firms’ alignment with the UK Government’s Cyber Essentials programme.
The study identified further cyber threats, finding that DMARC – a security measure in preventing domain hijacking – has been implemented by less than half of UK firms. Atlas Cloud have warned that if a domain is hacked, it allows hackers to send emails that appear to be from the domain, therefore creating an opportunity for exploitation.
CEO of Atlas Cloud, Pete Watson stated:
“The sheer volume of password combinations available to criminals is a stark reminder of the threat that cyber poses to a firm.
“You can minimise this risk by applying multi-factor authentication on your systems, which adds an additional one-time authentication token, but criminals have been known to find ways around this too.”
Phishing scams, a long-standing issue that many people are familiar with, have become even more dangerous and prevalent in today’s technology-driven world...
Data is critical to success in any industry, regarded as the lifeblood of any business. The ability to collect, store, and analyse data...
The UK General Data Protection Regulation (GDPR) is designed to protect the personal data of individuals in the United Kingdom...