In 2016, we wrote a blog post that detailed when law firms should consider switching to managed services. The article discussed the various technology issues that signal the need for a change in how their IT is managed. One area we talked about was falling behind the IT security curve, or in other words, not proactively keeping systems protected from the latest cyber threats. In 2017, that issue has taken on even more importance as there are mounting concerns surrounding access control, data integrity, and other IT security threats – specifically ransomware.
Cyber Security Attacks on the Legal Industry
In 2016 we saw an immense rise in the amount of ransomware attacks on businesses, and unfortunately, 2017 is poised to see an increase as well. In its simplest form, ransomware takes data hostage and forces users to pay to get that data back. Businesses become locked out from the data and tools they need to function, and operations can grind to a halt.
Law firms are one of the hardest hit industries by these types of attacks for several reasons:
- Most law firms operate on a billable hours model, and without full access to their systems and data, they can't make money. Attackers know that lawyers will be willing to pay, and as fast as possible.
- Lots of small and medium-sized firms don’t have an updated IT security profile and aren’t prepared for an attack. Without proper data backups and a recovery plan, these firms have no option but to pay the amount requested and hope that access is fully restored (and in some cases it isn't, even if you pay the ransom).
- There’s a wide variety of users at law firms – some of whom are not tech savvy and may be more likely to click a link in a malware-laced email. It provides hackers an easy route of attack.
When hit with ransomware, businesses are typically asked to pay $1,000-$2,000 to get access to their data restored. However, the process to pay that ransom isn’t a simple click of a button. It requires a complex, time-consuming set of tasks just to pay the people who are holding your data hostage.
From start to finish, a ransomware attack begins with users being barred from accessing critical data. Most businesses try to quickly research how to fix the problem, attempting to figure out if they should pay the attackers or not. However, without data backups and a recovery plan, there’s really no other option but to pay. What’s often not mentioned is that the process of actually paying the attackers can take days, due to their use of Bitcoin. It's a hassle, and especially frustrating for those trying to figure out Bitcoin for the first time amid an attack. Paying the ransom involves:
- Taking cash out of your bank and finding a Bitcoin ATM
- Creating a Bitcoin wallet and authenticating it
- Converting your cash into Bitcoin using the ATM
- Conveying the Bitcoin ID to the Ransomware attackers
- Waiting for them to send the unlock key so you can access your data again
It’s a difficult, stressful situation to be in. Sensitive data is in the wrong hands, work can’t get done, and it can take days to remedy the issue.
The Need for Data Backup & Disaster Recovery
The growth of ransomware points out the need for consistent data backups and a disaster recovery plan for not just law firms, but any business. Instead of losing days of work and sensitive data, a business continuity plan maps how your business can get back to normal operations quickly, should an event like this occur.
Apogee IT Services clients receive data backup and disaster recovery as part of our Core Four services and managed services solution. In the event of a ransomware attack, accidental deletion of data, or other event, Apogee is able to roll back systems and restore them from a recent backup. No ransom paid, no lost workday(s) -- just returning to business as usual. In 2017, data backup and a disaster recovery plan are critical to help protect organizations, as well as a solid IT security profile.
If you would like to hear more about how we protect our clients' data and work to develop a business continuity plan customized to their business, please contact us today to speak with one of our representatives.