Just one click…
That’s all it takes for you to lose years’ worth of data and be forced to pay upwards of hundreds of thousands of dollars for it back. What does it do? What is it? Will it happen to you? These are all common questions when people learn about cyber security either on their own or the hard way.
This “one click” I referred to is just one way someone can fall victim to ransomware. As the word implies, it holds your computer files hostage, and extorts an organization or individual to pay the ransom amount.
Ransomware has been on the rise since the mid 2000s. In 2018, there were an estimated 184 million ransomware attacks alone. These attacks can debilitate a company because the company is essentially locked out from accessing all of its saved documents and data. This downtime on average costs organizations more than $64,000. In total, ransomware cost businesses and corporations more than $75 billion a year.
How common is ransomware?
With technology software rapidly increasing in quality, this also allows groups of malicious hackers to create more sophisticated encryption softwares. As a result, any business, such as your law firm, can unfortunately become a victim of ransomware. It is common for large companies (with sensitive medical, financial or personal data) and government organizations to be primary targets.
The Baltimore City government was infiltrated with a ransomware attack in May 2019 with a ransom of $76,000 in bitcoin that crippled Baltimore City for over a month. The attack affected ATMs, airports and hospitals in the area, which cost the city more than $18 million dollars in the process.
These situations also leave huge impacts in the healthcare system. When Allscripts, an electronic health records company, was infiltrated by the SamSam ransomware, it was forced to shut down its networks to prevent the malware from spreading. This caused doctors to be unable to access patient records, prescriptions and billing services for over a week. As a result, this forced institutions to turn down patients. Though Allscripts was able to contain the fallout, lawsuits were filed against Allscripts for negligence because it was unable to protect its servers.
Can’t I just install a computer security software and be protected?
There are simple security principles that can protect you from common lesser viruses and malware. Unfortunately, they cannot compete with ransomware, especially when the user invites the virus in unknowingly. There are, however, things you can do to mitigate the damages in the event of an attack. One way you can protect your data is through system backups. Make sure to keep frequent computer system backups so that systems can be restored to the older saved version. In the process you will lose new data you have accumulated since the latest backup. However, the backup will save your older data, which is much better than losing all data indefinitely.
What you can do to protect your law firm?
You want to ensure that your firm’s website and case management software are protected from ransomware. You work with clients and your client management system stores confidential client information. Besides their contact information, you might be storing clients’ Social Security numbers, medical records, and other sensitive data. If you use another company’s CRM, ask that company about its security measures, and see if they are satisfactory for you.
For your own in house software and websites, the best way to protect yourself from cyber attacks is to educate you and your employees to be more aware of computer security. For example, make sure your employees don’t click on links or attachments in unsolicited emails. There are classes that will train employees the principles of cyber security and what to look for/be wary of when conducting business online.
As mentioned above, backup your data on a regular basis. Restrict who has permissions to what, so that fewer users can run and install software applications. You can also contract white hat hackers. These are professional hackers that find vulnerabilities in a company’s website and databases with the intention to prevent future attacks. Although ransomware is a real threat and you can certainly fall victim to it, companies should revise their current cyber security status and implement preventative measures today to ensure that your law firm is protected.