THOMSON REUTERS ELITE
Forefront eNewsletter

Q1 2017 EDITION

Three Ways to Protect Your Firm from a Ransomware Attack

You’ve got enough to worry about in managing the daily operations of your practice, without the added complexity of protecting your firm from nefarious threats lurking in the shadows.

CIO Today reported, “According to the Cisco 2017 Annual Cybersecurity Report (ACR), over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity, and revenue loss of more than 20%.” The Small Business Administration indicates that approximately 40%-60% of small businesses never reopen their doors after a disaster (2017).

Did you know that ransomware is as big and organized as the illegal drug trade? Frightening. So what is ransomware? Ransomware is a type of malware that restricts access to the infected computer system in some way and demands that the user pay a ransom to the malware operators to remove the restriction.

How can your system become infected? One of the simplest ways is for a user to open an attachment or link in an email, which triggers the spread of the malware once opened. This can happen intentionally or unknowingly when a staff member uses their own device. BYOD (bring your own device) is the increasing trend toward employee-owned devices within a business. Smartphones are the most common example, but employees also take their own tablets, laptops, and USB drives into the workplace. Let’s say an unprotected laptop, meaning one without anti-virus software, goes home on the weekend, and the kids play games on it or download an app that unknowingly loads malware. The employee returns to work on Monday with the infected laptop and logs into your server. Attack!

Whether your firm is currently in the cloud or considering a move to the cloud but not sure whom to collaborate with, here are three steps you can take to minimize your cyber risk and the disruption to your practice, and to protect the reputation you worked so hard to build. If you are ready to take action but feel overwhelmed by the task of finding the right technology for all partners, these three things will help you move toward progress and peace of mind.

Top Three Considerations

  1. Choose Expert Partners
    Make sure you work with a cloud provider who has expertise in the legal industry. Be certain that they understand how your team works, the confidentiality of your data, and your industry audit requirements. Be sure that your encryption meets regulatory requirements.
  2. Insist on an Excellent Backup Strategy
    Long gone are the nightly backups of data to tape storage that is rotated (one tape for each day of the week) and overwritten. Images, known as snapshots, rather than backups of the actual data, are highly recommended as the industry standard. Snapshots can include programs with patches, serial numbers of your devices, databases, and the operating system, with the goal that your system can be fully recovered quickly. Ideally, the only information you lose is what was created after the images were last captured. Your provider should set up the storage of the images on a server that is separate from your production data and install RMM (remote monitoring and management) software. RMM allows 24/7 monitoring for quick detection of incidents, such as system failures or cyber-attacks.
  3. Train Your Users
    Security is a shared responsibility between your cloud provider and all of your firm’s end users. Train all users, including your partners, staff, and other stakeholders, on best practices for maintaining a secure environment. Team up with a cloud provider who can assist you with this task, and revisit the training frequently. It is vital to understand this shared responsibility. In the past, the IT provider was solely responsible, but today it is a team effort with your cloud provider to share education, coaching, and best practices.

Final Thoughts

The value of your business data is incalculable, so it is critical to protect your business and your employees by ensuring you are prepared for the eventuality of a natural or an orchestrated disaster. Select a cloud provider that specializes in the legal industry, one that you can trust to work as your IT department or as an extension of your existing IT team, to customize your private cloud, and to help you manage your practice. Work with your team to create a continuity plan and test it. Finally, educate your staff, partners, and stakeholders to share the responsibility of your security.

Remember, your firm is unique, and your IT strategy should be too.
 

Worldox

LevelCloud is a cloud hosting provider for ProLaw. It can host a firm's entire network, including all applications, and deliver it securely and cost-effectively to any mobile device. The company also provides value-added services such as managed IT services, email archiving, spam filtering, Exchange hosting, and more, offering a turn-key cloud solution at a fixed monthly cost.

 
 