Protecting Your Firm From Ransomware Attacks
You’ve probably heard of the term “ransomware”, but what is it? Ransomware is a form of cyber attack in which malicious outside actors take over a computer system and hold it hostage. They won't return your access or your data until you send them a payment.
An uptick in attacks
In the last eight months, there has been an uptick in ransomware attacks as businesses have shifted to working from home. When hit with a ransomware attack, more than half of Canadian organizations are paying the ransom to get their data back.
Law firms are also frequent targets.
The Law Society of Manitoba reported that two law firms were the victims of ransomware attacks this past spring. According to an article by CBC, the attacks likely occurred when someone at the law firm clicked a suspicious link or opened an infected email attachment. The firms were left unable to access key client information.
How ransomware works
While there are plenty of variations, a ransomware attack has a few standard steps:
- A computer system, commonly belonging to hospitals, schools, or businesses, is compromised through on-site infrastructure (servers), phishing, and/or other means. This could happen via an employee opening up a suspicious file or link
- Having gained access, the attacker locks the victim out from their own system, restricting their ability to access their data and complete critical tasks
- The attacker then makes a demand for payment, often in the form of cryptocurrency such as Bitcoin
- The demand is accompanied by a threat, i.e. if payment isn't made by a specific time, then the lockout will continue and sensitive data will be released to the public
Protecting against ransomware attacks
While these attacks sound scary, there are simple steps that you can take to protect your firm and your clients.
- Update your software - You're probably used to being prompted to install updates on your computer. Though they may seem annoying and too frequent, they’re critical to digital safety. Keeping software up-to-date ensures that you have the latest protections against newly discovered vulnerabilities. The longer outdated software (e.g. Windows XP) sits on your computer, the more vulnerable you become.
- Limit administrative privileges - Administrative privileges determine who has permission to do what on your computers. They’re generally set up when new software is installed. Be sure that when you set these privileges, you’re only providing access to those who need it. The more access you grant, the more vulnerable your system is.
- Be cautious - The internet can be a scary place. It’s best to follow your computer’s safety recommendations and avoid websites that appear to be risky, as well as suspicious emails. Train your staff to be on the lookout for these types of attacks. Taking five minutes to verify that an email attachment is legitimate can save you thousands of dollars and months of hassle.
- Verify software sources - Malicious actors often access targeted computer systems by disguising their software as something legitimate that people are looking to download from the internet, for example by pretending to offer a Microsoft Word download or mimicking a popular app in the app store. Before you download something, make sure that it's coming from where it's supposed to come from. Things like file names and reviews from other customers can be helpful in determining this.
The benefits of cloud-based software solutions
Personal computers are isolated, which makes them more vulnerable to ransomware attacks. Cloud databases, on the other hand, have proper security protocols that are much harder to get past. They take precautions like powerful encryption and regularly make backups in multiple locations.
Additionally, you can manually back up your important files in a different location. This increases the chances that you can continue to access them if you do encounter a ransomware attack.
All in all, vigilance, as well as dependable cloud-based software solutions, are easy ways to safeguard against malicious ransomware attacks. Do your best to stay current on your updates, and you’ll be in a much more secure spot moving forward for yourself and your clients.