Law firms are a prime target of cybersecurity attacks because they deal with confidential data, and many do not have the proper security protocols in place. An October 2020 report from the American Bar Association shows that the share of firms that experienced a security breach (such as a lost/stolen computer or smartphone, hacker, break-in, or website exploit) increased over the prior year: 29% of respondents compared to 26% in 2019. One of the costliest forms of cybersecurity attack in terms of time and resources is ransomware. Let us explore what ransomware is and how to protect your firm.
What is Ransomware?
Ransomware is a type of malware that blocks users from accessing their network or data by encrypting it. To get the decryption key and regain access to their own data, a victim of a ransomware attack must pay a ransom. If the victim does not pay the ransom, they could lose their data forever. According to a survey by Capterra, 69% of law firms pay the ransom. However, only 65% of those firms can regain access to their data. This means 35% pay a ransom for nothing because the cybercriminal takes the money and never provides the decryption key. The FBI recommends that firms avoid paying the ransom, which is why backups are so vital.
What To Do To Protect Against Ransomware Attacks
- Company culture. To protect your firm against a ransomware attack, you must build a company culture that emphasizes being "cyber aware." Rather than relying purely on your IT department or outside providers, it is crucial to educate all employees, vendors, and clients about how their behavior can either prevent or lead to attacks. Treating security as an ongoing process and not a "set it and forget it" matter will help keep everyone aware of ongoing and new security issues.
- Back up your data. One of the most important steps to take when protecting your firm is backing up your data. Businesses should perform secure backups of data on a regular basis. Beyond taking the backups, you must also test them and your restore processes on a regular basis. A good practice is storing an extra copy of data in a separate location or in the cloud. The benefit of the cloud is that it adds an extra layer of protection. At Tabush Group, our Desktop as a Service (DaaS) solution, Boxtop, is built with enterprise-level encryption. Everything is regularly backed up and protected so you never have to worry about unexpected interruptions.
- Update your software and firewall. Outside software and weak firewalls tend to be a common entry point for ransomware. It is important to have a firewall with the latest updates because firewalls protect the system from malware before it ever reaches the network. According to IT Support Services Colorado, a firewall that is 5 years old is typically 50% less effective at blocking attacks than a unit that is only 3 years old. Aging hardware poses a larger security risk.
- Strong passwords and multi-factor authentication. It may seem obvious, but having effective password protection is crucial. Passwords are the initial barriers for many accounts, yet many law firms fall short on basic security measures. Firms should develop a strict password policy to ensure every password is complex and composed of both capital and lowercase letters, numbers, and symbols. Passwords should never be recycled and must be changed on a regular basis. In addition, all firms should use multi-factor authentication (MFA), which adds an extra layer by requiring employees to confirm a code via text or email.
- Breach response plan. Finally, firms should have a cybersecurity breach response plan. This is a document that gives everyone at the firm, from IT and cybersecurity professionals to the executive team and media relations, instructions on how to respond to a serious security incident, like a ransomware attack.
Food For Thought
As cybercriminals continue to get more sophisticated in their ransomware attacks, ignoring these basic measures can lead to your firm being targeted. Learn more about what Tabush Group can do to help protect your firm from falling victim to a ransomware attack.