Quarterbacking Success in a Challenging Field: Every team needs a quarterback, especially when that team is composed of attorneys,... Helping Clients Navigate a Challenging Legal System: “ We bring the same power,resources, experience, and novelapproach to every case we... How to Get More Law Firm Reviews Online: With all the stories we hear of identity theft and security breaches these days, it can... 5 Lessons for Law Firm Marketers From HubSpot’s INBOUND 2017 Conference: I know some folks within law firms are wary of attending marketing conferences outside of... Are You a Networking Rock Star or Rookie?: If you’ve read my book The Attorney’s Networking Handbook, you probably know that I... San Diego Personal Injury Attorneys Motivated to Care: “The most important thing is that you care about what you do. As an attorney I care... COMBINING HUMAN RELATIONSHIPS WITH TECHNOLOGY’S ADVANCES: Anthony Geraci, founder of Geraci Law Firm, believes the path to success in the coming... Networking: How To Disengage From a Dead-End Conversation: We’ve all found ourselves trapped in a dead-end conversation at a networking event.... What’s New in Structured Settlements? A Lot!: Structured settlements became a popular alternative to lump sum settlements in the 1970s.... Written Schedule of Services and Fees Multiplies Credibility, Increases Client Comfort: How do you present fees in a way that emphasizes the value of your services and takes the...
Executive Presentations-468x60-1

Protecting Your Firm from Ransomware

Ransomware attacks are affecting every type of business in America, and law firms are no exception. For those new to the term, ransomware is a type of malware that operates by encrypting files on a system and demanding that a ransom be paid to have them decrypted. While encrypted, these files are unable to be accessed, which can be a huge issue when they are needed for day-to-day business operations. The problem worsens when personally identifiable information such as names, birthdates and Social Security numbers are compromised. Law firms are often a treasure trove of sensitive information and make attractive targets for cyber criminals, as compromising a firm typically garners a big payout.

Recently, the most advanced ransomware on the planet rampaged throughout the world affecting hospitals in England, universities in China, rail systems in Germany and even auto plants in Japan. Named WannaCry, this malware was made possible by stolen National Security Agency cyber weapons and could spread throughout a network due to a previously unknown vulnerability. Once a system had been compromised, WannaCry would encrypt files and display a notice to the user demanding payment of $300 in Bitcoins, a nearly untraceable digital currency, or the amount would double to $600 within three days. If the amount was not paid within a week, all files would be permanently deleted.

From a business standpoint, it’s a lot easier to pay the ransom since it’s a quick fix to a potentially disastrous problem. Additionally, because of modern encryption, it’s impossible to retrieve those files any other way. The likely scenario, however, would involve all systems in a network to be compromised bringing the ransom figure well into the thousands. The cyber criminals on the other side of the attack profit immensely from the use of this extortion.

Earlier this year, Moses Alfonso Ryan LTD, a prominent law firm in Providence, Rhode Island, was crippled by ransomware that demanded payment of a staggering $25,000. After paying the amount, the initial key to decrypt its records failed to work causing the firm to lose approximately $700,000 in lost billings over a three-month period. This resulted in a lawsuit against their insurer Sentinel Insurance Co. for breach of contract and bad faith after it denied its claim.

The question arises of what can be done to protect your business. Ransomware is normally introduced into a network or system via an email attachment that causes it to be installed once opened. Most users are smart enough to avoid unknown emails, however as technology has advanced, criminals have also become smarter. As one law firm put it, “We’ve had emails come to our lawyers purportedly from third-year law students enclosing their resumes … it wasn’t a resume, it was ransomware.” Because of the specific targeting used, determining what separates a legitimate email from spam and malware becomes tricky. It would be naïve to think that avoiding emails would prevent a malware outbreak. To be fully prepared, law firms need to take it one step further and follow best practices when it comes to safeguarding their business and clients.

Update Your Operating System

Not long after WannaCry was released, researchers were able to determine the vulnerability that was being exploited to allow the malware to spread undetected. This vulnerability was present in the Windows operating systems dating back to Windows XP. Microsoft was quick to react and pushed out a patch through Windows Update. Not every malware on the Internet makes use of such complicated vulnerabilities, and there is a good chance that simply by keeping your systems up to date you can avoid a plethora of potential attacks.

Regular Backups

In the event that you are attacked and your files are encrypted, having a backup of your data allows you to simply roll back to a point before the attack, allowing you to avoid having to pay the ransom. Backups should be made as frequently as feasibly possible, weekly at a minimum, but preferably on a daily basis. It’s also extremely important to test these backups to ensure they are working as intended. Lastly, malware often spreads to other systems on your network, so an offsite location to house these backups or even cloud storage would be preferable.

Antivirus

Similar to updating your operating system, an antivirus is your system’s first line of defense when it comes to malware. Have antivirus software, make sure it’s regularly updated, and run it on a weekly basis.

Ransomware poses a big threat to law firms, which rely on technology to run a practice. As was seen by the Rhode Island law firm, malware can have a tremendously negative effect on your firm’s finances. Being informed about how ransomware works, best practices in dealing with attacks, as well as setting up preventative and protective measures can prevent your firm from becoming a victim.

Miguel Vega

Miguel Vega is a Web Developer at Consultwebs, Miguel provides many services, including: Planning, building and supporting internal and public-facing web applications, websites and plug-ins; working with a support team to troubleshoot issues, fix bugs, implement changes and perform site migrations, maintenance and updates; and routinely analyzing and evaluating security risks within company code and network infrastructure. Visit Consultwebs.com.

More Posts

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)
PDF24    Send article as PDF   

Filed Under: Featured StoriesTechnology

About the Author: Miguel Vega is a Web Developer at Consultwebs, Miguel provides many services, including: Planning, building and supporting internal and public-facing web applications, websites and plug-ins; working with a support team to troubleshoot issues, fix bugs, implement changes and perform site migrations, maintenance and updates; and routinely analyzing and evaluating security risks within company code and network infrastructure. Visit Consultwebs.com.

RSSComments (0)

Trackback URL

Leave a Reply

  • Polls
    Sorry, there are no polls available at the moment.