Reducing the risk of ransomware attacks

The recent and alarming spate of high profile ransomware attacks against government entities and courthouses in the United States, should be a reminder for law firms to maintain vigilance in protecting computer networks and client data.

Kevin Cheung

The recent and alarming spate of high profile ransomware attacks against government entities and courthouses in the United States, should be a reminder for law firms to maintain vigilance in protecting computer networks and client data.

 

The cost of failing to protect your network can be crippling. Once a victim of ransomware, a firm faces the stark choice of paying a ransom to access their data, or rebuilding the computer system and data in it. The ransom demands can range from hundreds of dollars to hundreds of thousands of dollars. Cities that have refused to pay a ransom have faced costs upwards of $18 million (Baltimore), and $15 million (Atlanta). Paying the ransom likely encourages the bad actor and payment does not guarantee a release of data back to you.

 

Being a victim of a ransomware attack can be a devastating business disruption, especially for smaller firms. The impact includes the loss of sensitive information, financial losses, loss of reputation and loss of the time it takes to recover. The detrimental effect can be too much to overcome.  

 

Taking steps to protect against ransomware attacks is the best way to reduce the risk of one. A lack of an IT department does not mean your firm cannot protect its system. Some simple preventative steps to take include: 

 

Train staff (including yourself)

 

The weakest security links are those that rely on staff to follow procedures. One of the most common causes of ransomware attacks is staff innocently opening malicious email attachments. Employees should never open unsolicited links or email attachments. Regular training is important as many people become less diligent without regular reminding.   

 

Email and web filters

 

A great way to compensate for a lack of staff diligence is to prevent harmful items from reaching them. Adjust spam settings to prevent phishing emails and executable files from reaching employees.  Likewise, configure firewalls to block access to known harmful IP addresses. A Google search will pull up lists of malicious IP addresses and URLs to block. 

 

Anti-virus and anti-malware programs

 

Your computers must have anti-virus and anti-malware software installed and scanning your system regularly. This software should also be scanning incoming and outgoing emails for threats.    

 

Backup regularly

 

A backup procedure for data stored on your computers is mandatory. With data backed up, you will eliminate the need to pay a ransom to access and restore data. It is prudent to have backup redundancies, such as backing up offsite and backing up to an offline external drive. 

 

Update operating system

 

Your firm must have an updated operating system on all computers. Updates are not there just to make your desktop pretty and enhance the user experience. Updates are issued to protect the system from security threats. 

 

Strong passwords

 

The use of excellent passwords cannot be emphasized enough. Multi-factor authentication is a must, and the use of a password generator and manager is encouraged. 

 

Cybercrime Insurance

 

Given the crippling costs of cybercrime, insuring against it is a growing market. For smaller firms that do not have an IT department and have less sophisticated security measures, cybercrime insurance could help maintain business continuity in the event of an attack.

 

Many of these suggestions may seem obvious. However, the increasing trend and boldness of ransomware attacks suggests that businesses are not getting the message to protect themselves. Why make yourself an easy target? Remove the opportunities for an attack by implement some simple preventative measures.  

Recent articles & video

Last few days to nominate in the Top 25 Most Influential Lawyers

Why this documentarian profiled elder rights advocate Melissa Miller in Hot Docs film Stolen Time

Saskatchewan government boosts practical learning at University of Saskatchewan College of Law

BC Supreme Court clarifies the scope of solicitor-client privilege in estate administration

Federal Courts invite public feedback on the conduct of a global review of its rules

BC proposes legislative changes to support First Nations land ownership

Most Read Articles

National Bank cannot fulfill Greek bank’s credit guarantee due to fraud exception: SCC

Canada facing pervasive ransomware, broader cyber-criminal landscape and threat from AI: lawyer

Ontario Court of Appeal rules against real estate developer for breach of a joint venture agreement

Canadian Lawyer partners with legal associations to survey legal graduates