Before you can prevent a law firm ransomware attack, you need to know what ransomware is. Ransomware is a type of malware/cryptovirus, like an encryption Trojan, that encrypts your data or locks your operating system. As soon as ransomware gets hold of a “digital hostage”, such as a file, it demands a ransom for its release. In the majority of cases, the encryption is unbreakable and the owner/system admin will have to pay a fee to regain access. Over the last few years, this has happened numerous times to major institutions, including divisions of local government.
Law firms are becoming increasingly targeted by ransomware attacks because law firms hold a lot of highly sensitive data. In recent years, major law firms have been hit by ransomware attacks. In fact, an American Bar Association report released in October 2020 found that 29% of law firms reported a security breach. More than 1 in 5 firms stated they weren’t sure if there had ever been a breach or not, while 36% reported a past malware infection in their systems.
Though much of the reporting is on larger firms that have been targeted, whether a massive global firm or a sole proprietorship, your firm has confidential client data that could be worth millions of dollars to hackers. Just think of all that personally identifiable information (PII) that many law firms hold – a potential gold mine for hackers on multiple fronts. So, what affirmative steps can you take to prevent a law firm ransomware attack?
There are a number of factors that increase your firm’s vulnerability in the case of an attempted law firm ransomware attack, including:
- Your equipment (computers, servers, phones) is obsolete
- Your devices are not using the latest operating systems and software (even a new device running older software is vulnerable)
- Browsers and/or operating systems are no longer supported and maintained by their creators, so no new security patches are released
- You don’t have a proper backup system in place
- Insufficient attention has been paid to cybersecurity, and a concrete, tested business continuity plan has not been put in place
- No ransomware and/or malware protection systems are in use
Many firms think that using cloud-based technologies increases their vulnerability while maintaining their own servers (in the basement, in a closet, etc.) increases security. In fact, the opposite is true. Self-maintained systems, especially those without ongoing IT support from cybersecurity technicians (or with small or part-time tech staff) are far more vulnerable in the case of an attack than the majority of cloud-based technologies. Systems built on Microsoft Azure, Google Cloud, etc. have the advantage of those organizations’ armies of cybersecurity experts that are working 24/7/365 to maintain and secure systems, and also prevent attacks.
Pay attention to email addresses and never click on unsafe links
This is a very popular way to initiate a law firm ransomware attack. Many hackers are successful because they “spoof” email addresses, meaning they are trying to pose as something they are not. If you’ve unexpectedly received an email from a company, web support, etc., look very, very closely at the email address and compare it to the actual company website. Often, the “spoofed” email address will contain very minor typos or alterations that are hard to catch – such as replacing similar-looking letters (“n” and “m”, “i” and “l”) or using different domain endings (“.net” instead of “.com” etc.). Don’t just look at the display name. If an odd-looking email contains a link, don’t click on it!! Also, don’t navigate to it separately to check. It could start an automatic download with a virus that will take control of your system.
If you are uncertain, contact the purported sender in a new email thread or forward the email to your IT department and ask them to check the security.
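The address check described above, in a form an IT department could run on the From: header of a forwarded message. This is an added example, not part of the original article; it goes slightly beyond the article's two letter pairs by also folding digit look-alikes and single-character typos, and the trusted domains and sample headers are constructed.

```python
from email.utils import parseaddr
# Constructed allow-list (assumption): domains the firm really corresponds with.
TRUSTED = ("example.com", "lawfirm.example")
# The article's look-alike pairs (n/m, i/l) plus digit look-alikes, folded together.
CONFUSABLE = str.maketrans({"m": "n", "l": "i", "1": "i", "0": "o"})
# Constructed sample From: header values.
SAMPLES = ("Example Support <help@exanple.com>", "help@example.net",
           "Example Billing <pay@mail-update.test>", "Jane <jane@unrelated.test>")

def skeleton(name):
    return name.lower().translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance: catches a dropped, added or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED):
    """Return (verdict, reason) for the value of a From: header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious", "no parseable address"
    domain = addr.rpartition("@")[2].lower()
    if domain in trusted:
        return "trusted", domain
    name, _, ending = domain.rpartition(".")
    for good in trusted:
        gname, _, gending = good.rpartition(".")
        if name == gname and ending != gending:
            return "suspicious", f"domain ending differs from {good}"
        if skeleton(name) == skeleton(gname):
            return "suspicious", f"look-alike letters imitate {good}"
        if edit_distance(name, gname) <= 1:
            return "suspicious", f"one character away from {good}"
    # The display name is free text chosen by the sender: check it against the address.
    claimed = "".join(display.lower().split())
    for good in trusted:
        if good.rpartition(".")[0] in claimed:
            return "suspicious", f"display name claims {good}"
    return "unknown", domain

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

An "unknown" verdict only means the domain resembles nothing on the allow-list; it is not a statement that the sender is safe.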
Do not open suspicious email attachments
If the email is coming from a verified sender – someone you know and regularly interact with, it’s probably a trustworthy attachment that you can open. If you’ve received an email and attachment you’re not sure about – you can’t verify who it’s from, you weren’t expecting it, etc. DO NOT OPEN IT! If the attachment is infected, opening it will run a malicious macro that gives malware control of your computer. It’s better to contact the sender separately and ask them to send the contents of the document in the body of the email.
Avoid disclosing personal information
Cybercriminals who are planning a ransomware attack might try to collect personal information in advance, which is then used to tailor phishing messages specifically to you. Avoid disclosing personal information (address, date of birth, social security number, etc.) in unsecured emails. This means via free email platforms and on open internet connections (public connections that anyone can access, with or without a password – a coffee shop Wi-Fi connection probably isn’t the most secure connection for entering highly confidential information, see below).
Never use unknown USB sticks or storage devices
If you find a USB or other storage device, or someone you don’t really know gives you one, don’t just plug it in and open it up. It may have been infected with ransomware or malware. It is better to take such devices to an IT expert who will know how to properly investigate and check for viruses.
Use only known download sources
To minimize the risk of downloading ransomware, never download software or media files from unknown sites. When downloading directly from a website, check that the URL/address begins with “HTTPS” instead of “HTTP”. HTTPS sites use an encrypted connection and a certificate verified for that address, which is a minimum requirement rather than proof that a file is safe. Obviously, you can trust sites like the Google Play Store or Apple’s App Store, but avoid downloading dubious files on mobile devices as well. If you’ve connected your email, banking apps, etc. to your phone, some viruses can reach beyond your phone and take control or lock you out of connected systems.
Keep your programs and operating system up to date
Regularly updating programs and operating systems helps to protect you from malware. Microsoft, Google, Apple, etc., all employ thousands of technology and cybersecurity experts that operate on both the offensive and the defensive. These teams are not simply sitting around waiting for an attack. Rather, they are constantly testing their own networks with controlled attacks to look for weaknesses. As soon as one is found, they fix it. Sometimes those update alerts you get can be annoying, especially if you get several a week. However, it is extremely important to install the updates to keep your systems protected.
Use VPN services on public Wi-Fi networks
When using a public Wi-Fi network, your computer is more vulnerable to attacks. This is true even if the public Wi-Fi network is password protected. Hotels and coffee shops, for example, hand out network passwords to hundreds or even thousands of people a day – usually, all it takes is buying a drink of some sort. So, for just a few dollars, or less, a hacker (even a not very good hacker) can access a network and then, while on that Wi-Fi network, attack any other devices connected. To stay protected, and prevent a law firm ransomware attack, avoid using public Wi-Fi for sensitive transactions, including accessing client documents, firm systems, etc. If you need to use a public connection and don’t have another choice, download and use a secure VPN service. To properly use the VPN, close all internet windows and internet-connected apps before connecting to the internet. As soon as you connect to the Wi-Fi, start the VPN. Once the VPN is running, then open your browser and proceed.