Protecting Your Law Firm Against Ransomware
Security controls aimed at ransomware are best grouped and aligned with the five functions of the National Institute of Standards and Technology’s Cybersecurity Framework (CSF): identify, protect, detect, respond, and recover. We will focus on the first two, but the last three are equally important operational steps for recovering from any attack. For law firms, they translate into:
- Identify. Identify your critical systems and applications, as well as your clients’ confidential data.
- Protect. Best practices include required authorization and authentication, antivirus software, encrypted backups, and staff training.
- Detect, respond, and recover. These three are interconnected, but it is worth noting that immutable backups play a crucial role in responding to and recovering from ransomware attacks. The better the backups, the less pressure there is to pay a ransom. Security experts recommend that businesses maintain at least one air-gapped backup (i.e., a backup that is not connected to the Internet 24/7).
For the last three years (2020–2023), the most common entry points for cyberattacks such as ransomware have been (1) email phishing; (2) compromised credentials (passwords, etc.); (3) software vulnerabilities, including operating system vulnerabilities in systems exposed to the Internet; and (4) disgruntled insiders (or soon-to-be ex-employees). These are the areas where you should look to strengthen your law firm’s security.
Strengthen Your Access Credentials
Eighty-five percent of ransomware infections are due to users’ own activity and compromised credentials. Time and again, these have been the main and easiest paths for hackers to infiltrate an organization and plant malware. Although it helps to add layers of defense such as multi-factor authentication (e.g., entering both a password and a one-time code sent to the user’s smartphone), these defenses are not foolproof: businesses as large as Microsoft and Google have reported attacks that bypassed their multi-factor authentication systems. Security experts now strongly recommend moving away from traditional login passwords toward better solutions such as bearer-aware authentication codes that are anti-theft, anti-replay, anti-phish, and anti-bypass.
Keep Your Anti-Malware Software Up-to-Date
Ensure that your antivirus software is updated regularly and has capabilities beyond signature-based detection. Such non-signature-based techniques do not rely on recognizing known malware signatures; instead they detect the abnormal activity and behavior of polymorphic (shape-shifting) malware.
Maintain Good Backups
While a good system for creating backups is generally considered a preventative measure, it is in fact one of the most important controls for protecting against ransomware. As a general rule, aim for a 3-2-1 backup strategy for your invaluable data: three copies of the data, on at least two different media (e.g., both cloud backup and a local USB backup), with at least one copy air-gapped.
For the cloud backup, use the native encryption capabilities offered by the vendor so that all confidential data is encrypted at rest. Protect the encryption keys with strong authentication. This ensures that even if bad actors get hold of your valuable data, they cannot extort a ransom by threatening to publish it in plaintext.
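A policy check for the 3-2-1 rule and the encryption-at-rest requirement described above, written as an added example (it is not code from the original article); the backup inventories, field names and findings text are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str            # storage type: "cloud", "usb", "tape", "nas", ...
    air_gapped: bool       # disconnected from the network except during backup/restore
    encrypted_at_rest: bool


def check_backup_policy(copies):
    """Return the list of shortfalls against the 3-2-1 rule plus encryption at rest.

    An empty list means the inventory meets the policy.
    """
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; the rule calls for three")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append("all copies on a single medium; the rule calls for two")
    if not any(c.air_gapped for c in copies):
        findings.append("no air-gapped copy; ransomware on the network could encrypt every copy")
    for c in copies:
        if not c.encrypted_at_rest:
            findings.append(f"copy '{c.name}' is stored as plaintext; stolen data could be used for extortion")
    return findings


# Constructed inventory: two always-online copies, one of them unencrypted.
WEAK_PLAN = [
    BackupCopy("office-nas", "nas", air_gapped=False, encrypted_at_rest=False),
    BackupCopy("cloud-sync", "cloud", air_gapped=False, encrypted_at_rest=True),
]

# Constructed inventory corrected to meet the rule: NAS encrypted, plus a
# third copy on a USB drive that is kept offline between backup runs.
CORRECTED_PLAN = [
    BackupCopy("office-nas", "nas", air_gapped=False, encrypted_at_rest=True),
    BackupCopy("cloud-sync", "cloud", air_gapped=False, encrypted_at_rest=True),
    BackupCopy("offline-usb", "usb", air_gapped=True, encrypted_at_rest=True),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("corrected", CORRECTED_PLAN)):
        print(label, check_backup_policy(plan) or "meets 3-2-1 with encryption at rest")
```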
Restrict Access and Authorization
Reduce the number of users with privileged access to confidential data and systems. Use least-privilege, role-based access control: users should have access only to the systems and data necessary to perform their jobs.
Reduce the number of third-party users and clients on shared storage systems, especially those used for the intake and exchange of confidential data. The compromise of a single user credential can let hackers inject malware-embedded documents into the shared system; when those documents are opened or shared, they trigger the infection of local systems. When a case engagement with a client is closed, it is best practice to remove or temporarily suspend that client’s active account on your systems.
Closing Advice
Here are four basic steps your law firm can take to guard against ransomware and other cybersecurity attacks:
- Invest in a secure system with up-to-date security measures. This will ensure that your data stays safe and secure and will also give you peace of mind knowing that you are doing all you can to protect your practice.
- Educate your staff on the importance of cybersecurity and how to keep their passwords and credentials safe. This will help to reduce the risk of a breach and make sure that your clients’ data is secure.
- Regularly monitor your system for any potential threats or suspicious activity. This will help you detect any potential security threats quickly and take the necessary steps to mitigate them.
- Make sure that your business is compliant with all applicable laws and regulations. This is important to help protect you from potential malpractice lawsuits due to data breaches or unauthorized access to client confidential data.