Cyber Attack creates Nightmare for Home Movers and local Business​

It’s not just large corporates who fall victim to cyber-attacks. Far from it. SMEs are increasingly targeted, often with serious consequences for their clients as well as the firm's reputation.

Cyber Attack creates Nightmare for Home Movers and local Business

Businesses are being increasingly targeted by hackers, often with very serious
consequences for their clients as well as firms’ reputations

Simplify, a conveyancing law firm, was a victim of a targeted cyber attack at the back end of 2021. 

The company was hacked and access to their IT and telephone systems was lost, leaving thousands of customers unable to complete on their property purchases. It is believed the attack subsequently caused outages at five law firms within the Simplify group, multiplying the issues. 

Delays and costs affected distressed buyers and sellers throughout the chain. Frustrated and worried customers, unable to complete their house purchases and faced with a lack of information from the business, voiced their discontent on social media. 

MP’s call for an official investigation into the cyber attack and the repercussions it caused for home movers

There have been many interesting developments since the incident, a few of which particularly caught our eye. The first was a call from MPs for an official investigation into the cyber attack against Simplify Group. They called for “an official inquiry and ‘some sort of compensation’ should be issued to customers over the attack”, demonstrating the significance of the damage caused and potentially further damaging the firm’s reputation.  

The second was an alert from The Guild of Property Professionals, who warned estate agents that “more and more reports are being filed about cyber attacks on agencies themselves or on companies whose work impacts on the house sales industry.” This suggests cyber criminals are specifically targeting UK business sectors with tactics which seem to be working against similar firms. At the same time, we know that cyber criminals often use an opportunistic approach to compromising businesses, meaning firms have to look out for both targeted and untargeted attacks.   

Lastly, The Council for Licensed Conveyancers made a statement on Simplify’s incident. They stated what happened to Simplify could have happened to any business and the attack ‘served a very harsh lesson to all’. The council also suggested more attacks are likely to hit conveyancer firms given the money that flows through the sector. 

Although to date there have been no technical details released, the loss of the firm’s access to key business systems seems to align with the damage a ransomware attack can cause. Ransomware is designed to cause immediate outages to critical business systems to encourage the victims to pay ransoms to criminals.  

They are typically caused by unprotected company devices being compromised, employees visiting malicious websites or through opening infected email attachments. Ransomware attacks causing a domino effect against a company’s other group firms increases the pressure for a ransom to be paid.

Carrying out a risk assessment to identify and prevent potential incidents, as well as having a contingency plan would have gone a long way to ensuring the firm is resilient against such attacks

Keeping company devices up to date and training staff on cyber security awareness are good starting points for all businesses as they build natural cyber resilience to different kinds of cyber risk. Having secure builds for new systems (devices, cloud platforms, websites etc.) and strong identity controls (e.g., strong unique passwords, multi-factor authentication) will also help achieve strong cyber resilience.  

Aside from those processes which are relevant for almost all businesses, firms can carry out a cyber risk assessment to identity which specific risks apply to their company. Any effort or budget spent on security should address the key risks.  

As not all breaches can be prevented, it’s important firms also have monitoring in place so they can detect and respond to incidents. One easy and free way to detect when your personal or company data may have been compromised is HaveIBeenPwned.com  

You can check if your email or phone number has been reported in a public data breach and sign up for alerts if your data is included in a future public breach. Should you find your details are involved in a breach, we highly recommend you change your passwords immediately and activate multi factor authentication on all applications which cater for this.    

Kloudwerk works with you to help you keep cyber criminals out. We offer affordable cyber security consultancy packages for business customers. Please
consult our 
Cyber Consultancy page for more information.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Leave a Reply

Your email address will not be published.

On Key

Related Posts

WEBSITE SECURITY REPORT

GOLD

Imagine you own a house and want to add an additional floor. First you have to review and strengthen the foundations. This service builds cybersecurity foundations to facilitate growth in a resilient, timely manner.

This service will also provide the company with a cybersecurity risk assessment and improvement plan but with significantly more support from a senior consultant to help the company embed improvements in a continuous, timely manner

SILVER

The dreaded car MOT is looming. It’s the unforeseen wear & tear that results in some necessary annual maintenance. Our cybersecurity review will highlight what needs to be done as your engineers.

In addition to the context gathering stage and security footprinting service, a senior consultant will perform a risk assessment to understand the company’s cyber risks and provide recommendations. They will also be available to undertake monthly calls for answering questions, providing guidance and checking on whether risks are reducing.

BRONZE

You’re embarking on a more active lifestyle, chosen to go on a diet and get in shape. Think of this service as the cybersecurity equivalent of the personal trainer, helping you along the way.

After an initial context gathering stage, a junior security consultant will be available once per month to answer questions and provide recommendations based on company goals and activities. A cybersecurity footprinting service will allow the company to continuously monitor its external security posture.

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Add Your Heading Text Here

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.