Law firms are more likely to pay ransoms after they’ve been hit by a cyberattack than businesses in the banking, insurance, retail, and leisure and hospitality industries, according to a recent study by cloud service specialists Timico and data protection provider Datto.
Law firms rely on their firms and their client’s digital records and work under hard deadlines, making them extremely vulnerable to ransomware attacks.
If you work for a law firm, that probably isn’t a surprise to you. However, even though lawyers know better than anyone the consequences of leaking legally protected information, many law firms still underestimate the ransomware threat.
At 88 percent of the firms hit by ransomware, their systems were offline for at least a week and 68 percent of the surveyed firms had their systems shut down within seconds or minutes of the attack.
And hackers are getting better and better at finding and infecting law firms. The managing director of Datto EMEA, Andrew Stuart, said of the hackers behind ransomware attacks, “They are looking for the firms most vulnerable to this kind of attack. It is terrifying that on the Dark Web you can buy a ransomware business and all you need is a list of firms to target.”
Hackers are honing their skills while law firms are ignoring them and paying the price. And what is that price? Well, 53 percent of the infected law firms said the price was between $1,000 and $2,000 per day plus the cost of the ransom.
Here are a few steps you can take today that will protect you from ransomware.
No. 1: Back Up to Avoid Total Shutdown
You can back up your files through the cloud or you can do a local backup, but all firms should have some sort of backup so that when their files are encrypted they won’t be shut down. Backups don’t just help prevent ransomware attacks, they can also come in handy if there is a loss of data due to a technical failure.
Any law firm that fails to back up their data will have to choose between working without their files or rewarding a cybercriminal with a ransom; don’t be one of them.
No. 2: Use Grown Up Passwords to Lockout Criminals
Creating strong passwords is a simple step that you can take right now.
While it can be tedious remembering several passwords that are random letters and digits, it’s a necessary step for personal cybersecurity as well as legal firm cybersecurity.
Simple measures like requiring complex passwords to be 22 characters long will boost a law firm’s password security. Utilizing two-factor authentication adds an even stronger layer.
Firms should encourage and even require that employees use complicated passwords, but be careful about requiring employees to change their passwords frequently. If people are forced to come up with new passwords often they will be tempted to use parts of their old passwords and make themselves vulnerable to hacking.
No. 3: Develop Preparation and Response Plans
Twenty-two percent of law firms had no cyberattack preparation or response plan, according to an ALM Intelligence study and only 38 percent said their firms had a disaster recovery plan.
By failing to prepare for an attack, firms are opening the door to cybercriminals. In 2016 law firm data breaches rose by 3 percent from 2015, and cybercriminals are only getting better and better at working around current security measures.
With that in mind, law firms that are operating without compliance officers and cyber liability insurance, are walking on thin ice.
Create a plan as soon as you can that will help you and your employees prevent and respond appropriately to cybercrime.
Don’t know where to start?
The top tier response solutions and prevention tools are reserved for firms with over 5,000 employees, but that doesn’t mean your small firm can’t access them too
No. 4: Train Your Staff NOW
Do your employees know how to avoid exposing your network to hackers? Do they know what to do if they are targeted by hackers through phishing scams and other attacks? Only 49 percent of legal firms are training their employees to ward off attacks. That means that just over half are relying on antivirus software to protect their company, which is a huge mistake. Studies show that most antivirus software leaves you vulnerable to 65 percent of malware and ransomware threats. Do you trust your untrained employees to keep well over half of the malware threats out of your network? Craig A. Petronella