CTS Hack – Guidance For Legal And Conveyancing Firms
Following the news in the past few days of the cyber attack on CTS, we have outlined some key points on what has happened and critically what you should do if you are concerned about the impact of this incident.
What Has Happened?
There has been a major disruption impacting hundreds of legal, conveyancing and property firms since Wednesday. CTS, the managed service provider affected, announced on Friday the outage was caused by a cyber attack.
A statement from the business said “We are experiencing a service outage which has impacted a portion of the services we deliver to some of our clients. The outage was caused by a cyber-incident”.
What Does It Mean For Those Impacted?
At this stage, it is not understood what, if any data has been compromised. The biggest disruption so far has been to the organisations operationally effected chiefly with firms being unable to complete property transactions leaving thousands of homeowners in an uncertain position, with no confirmed date on when the impacted sales will be completed. More information will become available over the coming days about outputs and impact of the attack.
What Steps Should You Take?
If you are concerned of the impact on this incident on yourself, or suspect that your data may have been exposed in a cyber attack on your IT vendor, here are the steps you should consider taking:
1. Isolate potentially affected systems to prevent further compromise.
2. Identify and disconnect any affected devices or servers from the network.
3. Inform key members of your legal firm about the suspected breach.
4. Consult with your legal team to understand the legal implications and obligations.
5. Depending on your location and applicable data protection laws, you may need to report the breach to relevant authorities.
6. Work closely with the IT vendor to understand the nature of the attack, the vulnerabilities exploited, and the steps they are taking to remediate the situation.
7. Implement additional security measures to prevent future incidents. This may include updating security policies, improving access controls, testing your digital environment for vulnerabilities and enhancing monitoring capabilities.
8. Review your contracts with the IT vendor to understand their responsibilities and liabilities. Consider updating contracts to include stronger security provisions and breach response protocols.
9. Conduct a post-incident review to identify lessons learned and areas for improvement in your cybersecurity posture. Use this information to update and enhance your security practices.
For any other matters relating to cyber resilience best practice, or to understand more about Amicis Group’s work in the Legal, Conveyancing and Property sectors, please contact us at hello@amicisgroup.co.uk or click here to arrange a call with one of our team.