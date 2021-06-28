An empty jury box at an American courtroom in Pershing County, Nevada. Image by Ken Lund (CC BY-SA 2.0)

Sensitive information belonging to more than a thousand law department employees in the U.S,. appears to have been exposed in the cybersecurity incident. The gateway in for the hackers was simply one worker’s pilfered email password.

Ran Pugach from Ava Security explains to Digital Journal on why NYC’s Law Department has a need for basic cyber hygiene and employee awareness. Thus follows the legal entity being hacked because of a stolen password.

The intrusion into the IT system of the New York City Law Department is being co-investigated by the New York Police Department and the FBI’s Cyber Task Force, reports the New York Times.

Ran Pugach is the Chief Cyber Product and Development Officer at Ava Security.

Pugach begins by looking at the relative ease of the attack, noting: “All it took for a hacker to get into New York City’s Law Department was one stolen email password. This seemingly ‘simple’ hack shows how important good basic cyber practices are.”

In relation to the ease of such attacks, Pugach states that “More than 90 percent of cybersecurity attacks are targeting people.” This means this type of hazard cannot be ignored.

Pugach recommends that: “To help protect the valuable data that this 1,000-lawyer agency has there needs to be an emphasis on cyber hygiene and employee education.”

In terms of developing a suitable plan, Pugach puts forward: “Businesses – whether SMEs, large enterprises or government agencies – need to safeguard the personally identifiable information they have. Smart technology can play a key role here – like having a system in place that can provide instant protection against users accessing unsafe applications, using unapproved hardware, or opening unauthorised files.”

After this, the next measure to consider is: “Real-time, continuous education can help employees understand what threats look like, what steps to take and who to contact if an incident arises.”

Pugach describes the measures as ‘the basics’, and he points out: “The basics are there for a reason – they form the foundation of a company’s cyber security and shouldn’t be overlooked. Businesses need to make sure that everyone – regardless of level or job role – understands the importance of cybersecurity.”

This ensures, Pugach concludes: “By having this level of awareness across the business, an employee can notify the security teams of any unusual behaviour happening on the system. A strong cyber security policy is one that combines smart technology with employee buy-in and education.”