A modern approach to office cyber security

Hedges Law, an employee-owned UK law firm, has partnered with Cloudify Legal, a tech consultancy for the legal sector, to implement a Zero Trust Network (ZTN).

Hedges Law’s aim was to achieve high cyber security with total remote working capability at an affordable cost. The traditional model, which consists of a business’ own network, firewalls and hardware, requires a substantial investment and maintenance. 

Hedges Law decided to take the ZTN approach with Google’s Chrome Enterprises and NEOWAVE’s FIDO secure keys to keep costs low without compromising security risk, following Cloudify Legal’s recommendation.

A ZTN is a security model which maintains strict access controls and does not trust any device by default, even if connected to a permissioned network. The ZTN approach advocates mutual authentication and provides access to the network based on the confidence of device identity and device health in combination with user authentication.

Google’s ZTN is predicated on a unique email address, and a reasonably secure password. By using Google’s Workspace service and sign in to Google’s worldwide network infrastructure, you are signing into a ZTN. The real power of Google’s ZTN sits with the option to enable and modify two-factor authentication (2FA). Using a modern and secure version of 2FA with a physical secure key for each employee, Hedges Law has given its network an additional layer of protection from ransomware, malware and phishing attacks.

Hedges Law chose NEOWAVE’s Winkeo FIDO U2F via UK-based distributor Open Seas. All 50 employees have been given the key and are required to use it in order to authenticate their log in when a new device or IP address is detected by Google. NEOWAVE’s key has been chosen for its affordable price and its enhanced security as it follows the FIDO Alliance standards and prevents brute force, phishing and man-in-the-middle attacks.

Overall, Hedges Law saved £48,000 per year on their Network Infrastructure costs when compared to the nearest competitor without compromising security protection. Implementation by Cloudify Legal of the Winkeo FIDO U2F keys and Chrome Enterprises system across the organisation took no longer than one working day.

Karen Edwards, Operations Director, Hedges Law, said: “The risk of cyber attacks is on the rise with 39% of businesses reporting cyber attacks or breaches in the past 12 months. The legal sector is no exception. We were looking for a modern solution that delivers enhanced security from cyber attacks, simple implementation, comes at an affordable price and is easy-to-use on a day to day basis for our size practice. I’m happy to say that the products from Google and NEOWAVE delivered just that!”

Wayne Pollock, Partner, Cloudify Legal, said: “Modern cyber threats require modern defensive solutions. Chrome Enterprise and NEOWAVE offer just that. A reliable, secure by design and a super low-cost solution. Large corporations worldwide are abandoning traditional network security models in droves due to operational expense and the significant data / cyber security risk. Sadly, smaller law firms are still being mis-sold the traditional tech stack, often disguised as Cloud, Hosted or Managed Desktops. Vendors don’t push ZTN solutions because they would make no money. Further, no business or user in the world that runs Chrome Enterprise and a FIDO key has been breached with malware or ransomware. All [Law] firms should consider moving to ZTN and NEOWAVE’s keys. Don’t be fooled, you need both and vendors and IT staff will often disagree wanting to sell you complex and expensive solutions to achieve similar levels of cyber security.”

Jason Kent, Director, Open Seas, said: “The Winkeo FIDO key from NEOWAVE is a more secure alternative to an authenticator app. It introduces a physical element to your network, which makes it harder to crack by bad actors. An estimated 90% of security breaches are as a result of poor authentication, but with a FIDO secure key that falls to zero. Winkeo’s low cost means that businesses of any size can achieve this high level of protection.”

About Hedges Law

Hedges has an incredibly long history that spans four centuries. We’ve been around for two World Wars, 62 Prime Ministers and nine Kings & Queens but we wanted to show that despite our history and the hundreds of years we’ve been around, innovation and excellence is at the heart of what we do.

Our tagline is “Advice for Life”. This means being the legal advisor of choice for our clients and families, to support them throughout their lives with all their legal needs as they navigate through life’s experiences.

Hedges has embraced the benefits of cloud-based technology to enable their employees to work flexibly from anywhere, while providing the best service and advice to their clients. The majority of employees work from home but the firm still maintains office space/hubs for those staff that want to work from an office environment as well as allowing physical meetings with clients.

In May 2021, Hedges Law became Employee Owned. This means that each one of our employees is now a part owner of the business we are all so proud of.

About Cloudify Legal

After helping Hedges Law Ltd move from the expensive and inflexible ‘break and fix’ technology model to a low-cost, high productivity and profitability model, Wayne Pollock and Steven Blundell realised many small and medium-sized law firms needed help and formed Cloudify Legal. A year on, Cloudify Legal has helped 21 customers in the UK, US, Aust and NZ improve their productivity, profitability and data security. Cloudify Legal are Gold Certified partners of Actionstep, a leading cloud-based practice management system.

About Open Seas

Open Seas is a UK-based enterprise IT solutions company specialising in cyber security and data protection. Open Seas acts as a bridge between customers and best-in-class IT suppliers providing optimum solutions to their customers’ IT needs.

In addition to its 24×7 cross-platform MDR service, the company provides Privileged Access Management and Zero Trust Network Access solutions, file synchronisation, replication, and backup products.

Open Seas is an official UK distributor for Neowave products including the Winkeo-C FIDO2 security key, Winkeo U2F and Badgeo smart cards.

Open Seas

Open Seas is a UK-based enterprise IT solutions company specialising in cyber security and data protection. Open Seas acts as a bridge between customers and best-in-class IT suppliers providing optimum solutions to their customers’ IT needs.

In addition to its 24x7 cross-platform MDR service, the company provides Privileged Access Management and Zero Trust Network Access solutions, file synchronisation, replication, and backup products.

Open Seas is an official UK distributor for Neowave products including the Winkeo-C FIDO2 security key, Winkeo U2F and Badgeo smart cards.

Ab Initio partners with BT Group to deliver big data

Luke Conrad • 24th October 2022

AI is becoming an increasingly important element of the digital transformation of many businesses. As well as introducing new opportunities, it also poses a number of challenges for IT teams and the data teams supporting them. Ab Initio has announced a partnership with BT Group to implement its big data management solutions on BT’s internal...

WAICF – Dive into AI visiting one of the most...

Delia Salinas • 10th March 2022

Every year Cannes held an international technological event called World Artificial Intelligence Cannes Festival, better known by its acronym WAICF. One of the most luxurious cities around the world, located on the French Riviera and host of the annual Cannes Film Festival, Midem, and Cannes Lions International Festival of Creativity. 

Bouncing back from a natural disaster with resilience

Amber Donovan-Stevens • 16th December 2021

In the last decade, we’ve seen some of the most extreme weather events since records began, all driven by our human impact on the plant. Businesses are rapidly trying to implement new green policies to do their part, but climate change has also forced businesses to adapt and redefine their disaster recovery approach. Curtis Preston,...