The Tabush Cloud & Managed IT Blog

Not long ago I read, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History,” an eye-opening article on Wired about a massive cyberattack that happened roughly a year ago in 2017. If you have 15 minutes, I highly recommend reading it. If you don't, then allow me to summarize: In 2017, NotPetya malware infected large companies such as Merck, Maersk, and others (companies with huge IT teams and thousands of employees), and literally brought their entire operations to a grinding halt for days, if not weeks, costing them upwards of $300 million in damages per company.

The business of owning and running a law firm constantly evolves, but has seen vast change, particularly over the last few years.

A disaster in the IT world comes in many forms – natural disasters, ransomware, a cyber breach, and acts of terrorism, just to name a few.  These disasters disrupt normal business and can ultimately have severe and expensive consequences on a company’s reputation and bottom line.

The bad news is many companies think these disasters can never happen to them and don’t take the proper precautions; the good news is that prevention of many disasters is attainable, and planning ensures that when there is a disaster, your company is prepared to get back to business as usual.

Small businesses, especially law and accounting firms that deal with sensitive data and financial transactions need to be concerned about cybersecurity. Cyber attacks are becoming more sophisticated and more rampant every day. Luckily, there are some very important – and often inexpensive – things every organization can do to protect themselves.

There is an increase in the frequency and efficacy of data breaches that can bring a firm’s operations to a standstill. Data breaches are often the result of vulnerable hardware and software where security measures may be weak or out of date, presenting an opportunity to hackers and ransomware. Far too often, businesses do not realize they are victims of breaches for days or even weeks, and by then, there is often nothing that can be done to repair the damage.

“There are only two types of companies: Those that have been hacked and those that will be hacked.”  --Robert Mueller, former Director of the FBI

If cyber breaches are an inevitable cost of doing business, how a company responds to a breach is of extreme importance. It has recently been revealed that 57 million Uber users and drivers had personal information exposed in late 2016 and that the hackers were paid $100,000 to keep it quiet.  If all stories are true, the biggest issue with the Uber breach may not be the breach itself, but the lack of engagement, management, and delivery of the response. 

Equifax, one of the 3 largest credit agencies in the U.S., last week revealed a security breach which compromised over 140 million individuals’ personal information. While this is not the largest security breach ever in the US, because of the data that was taken, it has the potential to be the most severe, evidenced by the resignation of the company's CEO and the "retiring" of both their CIO and CSO (chief security officer).

Last Friday morning 7am Eastern Time, news started breaking of the internet being down on the east coast of the US. People were having issues accessing multiple websites including Netflix, Amazon, and Twitter during a period of two hours. Later that day, a second shorter outage occurred.