Law Firm Ransomware Attacks: Tips for Prevention & Protection

With ransomware attacks on the rise, law firms are becoming increasingly lucrative targets due to the volume of sensitive client data they typically capture and store during the course of their work. Simply put, the cost, time and hassle of recovering from such an attack can be devastating. Learn how and why ransomware attacks occur, along with simple best practices for preventing them in the first place.

What is Ransomware?

Within the global explosion of cybercrime – crimes committed mostly or entirely by digital means – one of the standouts is ransomware. Once upon a time, cyber attacks were small in nature and crude, typically consisting of emails sent to individuals (and often landing in spam folders) tempting the recipient to click something nefarious. However, more sophisticated ransomware attacks have been on the rise in recent years, affecting larger organisations including banks, government departments, hospitals and law enforcement.

Ransomware typically consists of a hacking-based attack that locks up or disables victims’ files, accompanied by a demand for a large payment (the ransom) before the files are unlocked or reinstated. As large organisations routinely store back-ups of their data, attackers now also threaten to leak the victim’s files or confidential information if the ransom is not paid.

Ransomware has actually been around since the 1980s; however, awareness of attacks has grown markedly in the current decade. Apart from well-publicised attacks on huge companies like Apple, we have seen recent cases closer to home. Large organisations have been brought to their knees as malicious software penetrates their systems and effectively halts business until the situation is rectified. In fact, according to a report in The Economist, officials say ransomware is the “single biggest threat” in the organised crime world today. Companies are responding by investing large amounts of money in protection and prevention strategies. There is no doubt that the problem is very real and becoming more complex all the time.

Ransomware Attacks on Law Firms

So, how does ransomware affect the legal industry and in what ways are law firms most vulnerable? Law firms typically hold large amounts of sensitive client and case information, making them prime targets. Cybercriminals are also becoming more aggressive and manipulative in their approach, aware that law firms and other organisations, such as hospitals and government departments, have little tolerance for downtime. This is all the more reason why a good prevention strategy to secure your firm’s data isn’t just a best practice but a real obligation.

It may sound obvious, but with a bit more care and attention directed to employees’ everyday actions, firms can help mitigate potential attacks. For example, weak passwords, passwords that are never changed, and a lack of multi-factor authentication can all make your firm more vulnerable. Account sharing between admins and fee-earners, and the reuse of USB drives, should also be stamped out. With the rise of remote working, the reliance on central servers and a more mobile workforce, these risks increase and require extra vigilance.

Based on these factors, there are key strategic and operational areas your firm should regularly audit and review: the hosting environment, vulnerabilities in the current tech stack and how that technology is used day to day, device settings, and user policies and security. There should also be a focus on educating and upskilling your staff to ensure that everyone is clear on the latest information and security protocols.

Best Practices for Preventing a Ransomware Attack

As ransomware threats are here to stay, what are some key actions you can take now to protect your firm? Here are seven simple strategies for preventing a ransomware attack. 

1. Risk Assessment

Start by considering your current security footprint. Conduct an annual cybersecurity risk assessment for a full report on your firm’s information assets and any areas of security that should be tightened up. There is also the option of penetration testing (controlled, authorised hacking), which can help identify and rectify network vulnerabilities. There are many cybersecurity companies available to do this testing.

2. Anti-Ransomware Software

Most organisations have anti-virus software set up, but what about specific anti-ransomware software? Cybercrime tactics are ever-changing, so it can become difficult for anti-virus software alone to detect a ransomware attack, necessitating a more specific program. It is also worth thinking about your firewall, which requires constant monitoring and updating as well. Firewalls and anti-virus software cannot fully protect your data if no one is checking in, investigating discrepancies, or patching security vulnerabilities as soon as they are discovered.

3. Software Updates

Ensure all of your software is up to date at all times. You should enable automatic updates on software that offers it and check for updates on software that does not. Be aware when software is nearing end-of-life status and upgrade it, along with replacing any unsupported devices. 

4. Passwords and MFA

Using complex passwords for each and every account is standard practice; however, passwords alone are not enough to protect your data from a serious attack. Multi-factor authentication should be standard and enabled for all business applications. This is the single most effective way to prevent many of the methods hackers use to compromise networks and install ransomware. 

5. Phishing Schemes

With the majority of communication done by email, phishing schemes remain a primary method of entry for ransomware attackers. These often target individuals and dupe them into clicking links, downloading attachments or entering details into bogus websites. Each of these avenues can deliver malware or harvest credentials and open the floodgates to an attack. Law firm staff should be regularly trained and updated on sophisticated phishing schemes and kept aware of the latest threats and trends in these areas.

6. Physical Security

Most law firms now have a significant number of mobile staff, distributed between offices, home, court, client offices and other locations. Physical access to devices will therefore always be a point of vulnerability, whether it is exploited by digital or physical means. Practices such as keeping machines in locked storage or on one’s person, and running a device tracking system across your fleet of devices, are key. Again, password rotation and MFA are vital in case an individual loses a device or leaves it unattended in public or in the presence of others.

7. Communications & Training

Think about increasing communications with staff – emphasising the risks, reiterating good practice and ensuring everyone is on the same page about the seriousness of ransomware. Delegate one central person to keep everyone informed about data security, similar to a Health & Safety representative. The more these messages are circulated electronically, in person and visually, the more likely people are to adopt them as normal practice.

How Actionstep Secures Your Data

Actionstep takes ransomware and the threat of all malicious cyber-attacks extremely seriously and has implemented prevention policies and procedures to provide the best possible data protection. Actionstep’s VP of Engineering Stevie Mayhew says leveraging the current AWS (Amazon Web Services) environment correctly is one of the core pieces of this prevention strategy: “The environment is regularly audited by third party security tests and we work with the AWS team continually to ensure we are in the best possible position from a security point of view.” 

Prevention is the Best Protection

Ransomware is fast becoming one of the biggest threats to your firm’s data. 

The point at which someone logs into a system or opens a file is the open door that hackers can use to enter. “The greatest risk remains a well-meaning staff-member plugging in a USB drive they found at reception to try and identify the owner, meaning all the hard work of prevention might go out the window,” Mr. Mayhew said. More focus on measures like MFA, looking after your internal networks, machine tracking and fleet management all contribute to heightened security.

Ensure you are properly prepared and protected from the latest threats by reviewing your current protection and updating it where necessary. Cybersecurity needs to be monitored constantly and updated regularly to provide the optimum level of protection for your firm.

Ready to learn more about Actionstep’s security features? The best way to understand the value is to see it in action.

Contact us to set up a demo today.

Written by The Actionstep Team