Back in the day, keeping your law firm secure was mostly about putting important files under lock and key. A security breach meant an actual physical intruder or theft.
Now, law firm security is far more complex. There are more types of threats to consider — from phishing to digital eavesdropping to botnet attacks. Not only are there significantly more bad actors on the scene, but they can infiltrate your firm’s confidential documents and data from anywhere in the world. And they could have hundreds or even thousands of potential entry points through your team’s various app accounts and devices.
To help your firm stay secure, it’s important to understand the types of threats you’re up against. One of the primary cyberattacks against law firms today is ransomware. Here we’ll walk through what ransomware is, where it comes from, the risks for your firm, and tips and resources you can implement to help prevent ransomware attacks.
Ransomware 101: How Does Ransomware Work?
Ransomware is a type of malware designed to hold a victim’s data hostage until an untraceable ransom is paid. This can be accomplished by locking users out of their devices or by identifying data storage drives on the infected system and encrypting files within each drive. (In other words, your documents and data become completely unreadable unless you have the correct cryptographic key.)
The scariest part is that it doesn’t stop there.
Most ransomware attacks go undetected until after the damage is done. If you don’t have the right preventive measures in place, the initial ransomware infection can quickly hitch a ride to every shared device or file that was accessible from the original computer.
Of course, even when the victim pays up, there’s no guarantee the attacker will actually decrypt the data. In fact, many go on to extort more payments from the victim using threats to expose sensitive data or sell it on the dark web.
Where Does Ransomware Come From?
Law firm ransomware attacks take countless forms and exploit a constantly evolving mix of hardware, software, and human vulnerabilities. Some of the more infamous ransomware families you may have heard of include Locky, CryptoLocker, and Petya; all of them render infected data useless or inaccessible.
Ransomware can arrive when an unsuspecting member of your team opens a phishing email or downloads a file from a malicious source. But who’s behind it?
The truth is that ransomware attacks can come from a single bad actor in search of bragging rights — the way a vandal might pick a car at random to steal or slash its tires. Often, however, these attacks are more organised, sinister, and deliberately targeted. After all, if attackers are going to go to all the trouble of mounting an attack, they want to be sure their target can actually pay.
Who Is at Risk of Ransomware Attacks?
You don’t have to be a mega-corporation with incredibly deep pockets to be a target for ransomware.
The Ohio State Bar reported that almost 25% of ransomware attacks target professional services firms, especially small and midsize law firms, and that the average ransom payment was more than $220,000. This may be because small and midsize businesses (SMBs) underestimate their risk and fail to take the proper precautions against ransomware and other security threats.
And we’re all familiar with the high-profile attacks against larger firms over the last five years.
There’s no question that law firms can be a particularly tempting target — not just because of the money, but because of the sensitive client and matter information they possess.
The Growing Risk of Ransomware
In 2020, the ABA Journal reported on two small law firms whose data was attacked by the hacking group Maze. In past incidents, Maze has demanded more than $1 million in ransom for similar attacks — dramatically impacting the growth of its victims.
In light of these attacks, it’s clear that if you haven’t experienced a ransomware attack yet, the odds are that your turn is coming, and the risk goes up every year. The Joint Cybersecurity Advisory on 2021 trends reported an increased globalised threat of ransomware, with incidents observed against 14 of the 16 US critical infrastructure sectors.
Put simply, you should think of a law firm security breach in terms of when, not if.
The combined impact of these kinds of cybercrimes is mind-blowing, with losses running into the billions. The disruptions hit just about every sector you can think of, sometimes disabling vital systems that sustain law firms, financial institutions, hospitals, airlines, and even critical infrastructure networks.
Implement Ransomware Prevention Strategies at Your Firm
There are many ways you can help prevent — and mitigate the effects of — ransomware attacks against your law firm. The more precautions you can implement, the better off you’ll be. Here are eight steps you can take.
1. Perform a ransomware risk assessment and plan for disaster recovery.
Make sure you have written data protection and disaster recovery plans in place. It’s also important to share them widely in your organisation so that everyone understands their role in protecting your data. Ensure buy-in from top leadership because this is a business decision, not just an IT decision. Regular phishing tests are very effective tools to raise awareness and vigilance.
2. Use multifactor authentication and robust password management.
Ransomware attacks often start with phishing, where the attacker gains access to the network by stealing a legitimate user’s password. Reduce the risk posed by phishing by using both multifactor authentication (MFA) and password management tools.
MFA requires at least two forms of verification for a user to gain entry to the system — for example, a correct password and a push notification or call to the user’s mobile phone. Password management tools can enforce sufficiently complex passwords, regular password updates, and other security best practices that will limit opportunities for bad actors to access the system.
3. Ensure your software and security patches are current across all applications.
Ransomware protection isn’t a one-and-done activity. Threats evolve rapidly to get ahead of new security measures, and new vulnerabilities will open up with shifting user habits and as you adopt new hardware and software. It’s important to keep your apps updated so you’re protected against the latest threats and vulnerabilities.
4. Drive adoption of preventive software tools.
Follow a rigorous IT process for installing antivirus software and email filtering features, and be sure to keep them up to date. Even the most powerful tools are no good if your people don’t adopt them — so train, train, train. And implement measures that are “invisible” and seamless for users.
5. Perform frequent systemwide backups.
There are business continuity software platforms that can help you recover from a ransomware attack by restoring your systems to the last known safe state before the attack took place. The best ones allow flexible physical and virtual restoration.
6. Keep your backups physically separate.
If your backup files are reachable from your daily operating platform, the chances increase that they too will become infected when your endpoints “phone home” to upload new versions. Separate storage appliances are widely available at a variety of price points.
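To make the risk in steps 5 and 6 concrete, here is an added Python example (written for this article, not NetDocuments’ code) that records a SHA-256 manifest when a backup is taken and checks the backup against that manifest before a restore, so a backup set that was reachable from an infected endpoint and silently overwritten is caught instead of restored. It assumes the manifest itself is kept somewhere the endpoints cannot write (for instance on the separate appliance, or exported to a read-only record). The sample files, the tampering simulated with random bytes, the file names, and the 7.5 bits-per-byte entropy threshold are all constructed demo values.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large backup sets do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext sits near 8.0, plain documents far lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under the backup root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_backup(root: Path, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Compare the backup on disk with the manifest taken when it was written."""
    current = build_manifest(root)
    report = {"missing": [], "modified": [], "added": [], "high_entropy": []}
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
    report["added"] = [rel for rel in current if rel not in manifest]
    # Secondary signal only: compressed archives are also high-entropy, so this
    # flags files for a human to look at rather than deciding on its own.
    for rel in report["modified"] + report["added"]:
        sample = (root / rel).read_bytes()[:1_000_000]
        if shannon_entropy(sample) > entropy_threshold:
            report["high_entropy"].append(rel)
    report["safe_to_restore"] = not (report["missing"] or report["modified"])
    return report


def demo():
    """Constructed walk-through: a clean check, then the same backup after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "matters").mkdir(parents=True)
        (backup / "matters" / "smith-v-jones.txt").write_text("Constructed sample matter notes.\n" * 50)
        (backup / "matters" / "retainer.txt").write_text("Constructed retainer agreement text.\n" * 50)
        manifest = build_manifest(backup)  # in practice, store this off the endpoint
        clean = verify_backup(backup, manifest)
        # Simulate a backup that was reachable from an infected endpoint: one file is
        # overwritten with random bytes (standing in for ciphertext) and a stray file appears.
        (backup / "matters" / "smith-v-jones.txt").write_bytes(os.urandom(4096))
        (backup / "matters" / "README_RESTORE.txt").write_text("constructed placeholder note\n")
        tampered = verify_backup(backup, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean backup safe to restore:", before["safe_to_restore"])
    print("tampered backup report:", after)
```

Run on a real backup set, `build_manifest` is called right after the backup job completes and `verify_backup` right before any restore; a non-empty `modified` or `missing` list means the last known safe state is an earlier backup, which is exactly the decision step 5 relies on. Keeping the manifest where the endpoints cannot reach it is what makes the check meaningful, which is the same reasoning as step 6.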
7. Stay informed about the latest ransomware threats.
The FBI, the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA) all publish regular reports and updates on new trends and vulnerabilities to watch out for. You can subscribe to authoritative newsletters and adjust your protection plans regularly.
You should also ensure the teams behind your most important apps and platforms are vigilant about recognising and responding to new security threats. It takes reliable partners to help keep your data safe and secure. Learn how NetDocuments helps law firms meet — and exceed — security and governance requirements.
8. Provide phishing training to help your team avoid attacks.
Your team members might not be fooled by a classic “Nigerian Prince” scam email, but phishing and other cyberattacks are growing far more sophisticated. Provide ongoing security awareness training that covers common phishing techniques so your team can stay savvy to recognise potential threats and know what to do when they encounter one.
A Strong Approach
The most important thing you can do for your firm is to stay vigilant and stick relentlessly to common-sense best practices. Taking preventive measures and increasing awareness will ensure you’re prepared for today’s never-ending data protection battle.
How NetDocuments Can Help
The NetDocuments platform is designed to help you gain control of your documents, emails, and discussions. While your data is within our platform, our award-winning security provides a flexible and robust framework that can help protect you from ransomware attacks. Want to learn more? Schedule a demo today!
Get more tips on how to prevent a data breach by watching this free, on-demand webinar.