6 ways to protect your law firm from ransomware attacks
When a cyber attack happens, the cost to your company will be widespread and unpredictable—from millions of dollars in fines and expenses to long-lasting reputational damage, writes Amanda Fennell and Kyle Kurdziolek.
In 2020 and beyond as we move to a more remote workforce, lawyers and law firm staff are more susceptible to cyber attacks now than ever before due to potential weak security protocols on their home Wi-Fi networks, which can allow hackers easier access to a network’s traffic.
Hackers are deploying some of the most sophisticated malware attacks ever seen, and law firms are a primary target. Law firms are particularly vulnerable targets for bad actors because they handle large amounts of sensitive client information, data and money.
Recently, ransomware attacks have received increased visibility and media coverage within the legal sector. Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
The price is always in a cryptocurrency, usually Bitcoin, per machine to decrypt your files. The attackers are willing to decrypt a few files for free in most cases, to prove they can, and have even taken to negotiating with companies who try to lower the extortion payment. Victims should avoid paying ransom at all costs, unless they have no other option available.
By paying the ransom, you are directly funding the crime and the criminals, which will only encourage them to continue doing it. Further, you’re now in the list of people who pay when extorted, so you can almost guarantee to pay again in the future.
According to the Sophos State of Ransomware 2020 report, the average ransomware remediation cost in Australia is $1,122,914.16—which can be a devastating financial loss especially in a year of economic uncertainty for many businesses. Unfortunately, once the system is locked, there are very few options to salvage data and/or your firm’s reputation.
The best way to protect your firm is to take a proactive approach. Here are six simple steps you can take now to help protect your firm:
1. Enable two-factor authentication
Ransomware as a Service (RaaS) operators can heavily rely on exposed credentials that are leaked on the dark web for access. Provide an extra layer of security by enabling two-factor authentication to better prevent threat actors who wish to gain access to your systems.
2. Back up your data, often and to the cloud
Back up systems regularly and often and ensure that those back-ups are segmented and secure from the rest of the network. The best way to do this is to utilise cloud services.
3. Email security
Often, organisations lack the proper email defence mechanisms to prevent ransomware or malware attacks. Implementing an email security gateway allows proper filtering and detection of known threats that are prohibited to enter employees’ email boxes.
4. Enable antivirus
Enabling your antivirus is a critical step to better protect systems. This will improve the security posture of the organisation and effectiveness of eliminating possible ransomware incidents.
5. Patch, patch, patch!
Continuous scanning for security vulnerabilities is imperative to the security of the organisation. Ransomware attacks can come from compromised accounts, spear phishing attempts and through known vulnerabilities. Internal vulnerability scanning will allow for proper remediation plans to take place in order to reduce the risk surface the organisation faces for external and ransomware attacks.
6. Educate your employees
Promote a culture of security awareness that spans across the whole organisation. Properly train employees to not click on suspicious links, download unknown attachments and reply to the sender—these are all educational points to teach employees to not fall victim to ransomware or other cyber security attacks.
When a cyber attack happens, the cost to your company will be widespread and unpredictable—from millions of dollars in fines and expenses to long-lasting reputational damage. In today’s ever-evolving threat landscape, taking proactive measures to mitigate risk is paramount to protecting your business and your clients’ sensitive data.
If you do find yourself in the unfortunate situation of going through a ransomware attack, the Australian Cyber Security Centre recommends you report the crime regardless of the outcome. It’s crucial that victims report incidents of ransomware attacks as it provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations and contributes relevant information to ongoing ransomware cases.
Amanda Fennell is the chief security officer and Kyle Kurdziolek is a cyber security analyst at Relativity.