Appurity: Coping with the threat of Ransomware as a law firm

Cybersecurity is unquestionably a subject that demands attention for all of the legal sector. The pandemic, and its knock-on effect on how firms and their people went about their work, raised a number of technology challenges which cyber criminals sought to take advantage of. Ransomware (also referred to as malware) attacks certainly played a prominent part in the increase in cybersecurity incidents. This type of attack allows criminals to gain full control of your firm’s systems, denying you access to all of your sensitive and confidential client information until your firm pays a ransom.

Ransomware attacks are nothing new to the legal sector. Perhaps the most notable instance happened back in 2017 when DLA Piper, arguably one of the world’s largest firms, was hit by a ransomware attack that effectively rendered all of the firm’s telephones and emails inoperative. Indeed, it took more than a week to restore full email access. Imagine this scenario unfolding for your own firm. And things have certainly been taking a turn for the worse. According to Malwarebytes, malware incidents increased significantly during 2021, with malware detections rising by nearly 80% and business-focused threats rising by over 140%. If you come to work and encounter a locked computer screen or find that your files have been encrypted, you are probably a victim of a ransomware attack.

Worryingly, ransomware attacks can target all of your communication devices, not just the firm’s PCs. These days, especially with the hybrid work models many firms have chosen to employ, smartphones and tablets are now favourite attack points for many cyber criminals. The proliferation of breaches via mobile devices represents an elevated level of risk to your firm – especially as many firms possess devices that are largely unmanaged. So-called ‘mobile malware’ is becoming a leading contender among the threats facing all firms as hackers diversify their modus operandi to target mobile devices alongside desktop computers.

Many firms will have moved their operations into the cloud as part of their digital transformation journey. In addition, they will be dealing with a huge uptake in the use of mobile devices as their people get their work done. However, these (largely) unmanaged devices are a real risk to the firm and represent low-hanging fruit for hackers. It only takes one compromised mobile to cause untold problems for your firm. For example, if an attacker installs a keystroke logger onto the device, then anyone typing a password into that phone can have it intercepted and harvested for future use. Criminals then have access to your firm’s sensitive and confidential client files, as well as financial matters.

Irrespective of the size or shape of your firm, people will increasingly need to access both on-premises and cloud-based resources from any type of device and on any network. This will present many security challenges for your IT team. How are they expected to control who is accessing your firm’s infrastructure? How do they let people handle sensitive data? How are people sharing that data? There are solutions that can help your firm alleviate the risk from ransomware attacks. Protecting your people against mobile phishing attacks is an important first step, as this is a very common way for attackers to steal valuable login details. Gaining a broad understanding of how your people behave online and on their devices is also very useful in helping to prevent malicious behaviour. In addition to having insight into your data, users, endpoints and apps, your solution provider should be able to provide your firm with Zero Trust access to the right users, which means that your valuable data stays within your firm’s control.

It is almost inevitable that, as you are reading this article, somebody already has scoped, or soon will scope, your firm to prod for weak spots in your security defences. With many people choosing remote working, a heavy reliance on smart devices for work and the potential for human error, the chances of you being hit by a ransomware attack are at an all-time high. The legal sector must not let its guard down. Your firm should be actively seeking ways to strengthen defences against cyber-attacks of any sort, especially ransomware. Employ a robust management strategy for all of your devices and choose a technology partner that understands your security needs.