Researchers from Atlas Cloud, a company that provides IT services to the recruitment and legal sector, has published research showing that nearly three-quarters of UK law firms have employee username and password combinations in lists in the darkest places on the internet.
They found that of the 5140 firms audited, 72.2% had at least one instance present on these lists. A total of 1,001,313 passwords relating to UK firms were found in the study.
Atlas Cloud have warned that cybercriminals who use this side of the internet could use the information to access a firm’s IT systems, and therefore access to valuable data or transactions.
The UK-based based company compiled these findings while auditing firms for breached passwords, protection against phishing and email hijack protection. They also assessed firms’ alignment with the UK Government’s Cyber Essentials programme.
The study identified further cyber threats, finding that DMARC – a security measure in preventing domain hijacking – has been implemented by less than half of UK firms. Atlas Cloud have warned that if a domain is hacked, it allows hackers to send emails that appear to be from the domain, therefore creating an opportunity for exploitation.
CEO of Atlas Cloud, Pete Watson stated:
“The sheer volume of password combinations available to criminals is a stark reminder of the threat that cyber poses to a firm.
“You can minimise this risk by applying multi-factor authentication on your systems, which adds an additional one-time authentication token, but criminals have been known to find ways around this too.”
The General Data Protection Regulation (GDPR) was designed to give citizens of the EU greater control over their data and to ensure that companies...
With the introduction of the UK GDPR (General Data Protection Regulation) in 2018, businesses are being held to a higher standard...
A compliance framework is a system of requirements and procedures that an organisation needs...