In the 1996 movie, Ransom, Mel Gibson plays a multi-millionaire business executive whose son is kidnapped and … big surprise … held for ransom. It’s a remake of a 1956 Glenn Ford movie of the same name. In both films the main characters follow along with the ransom demands … until they don’t. Much drama ensues.
In real life as in the movies, and certainly in ransomware incidents, victims may be counselled to simply pay the ransom, or sometimes not to. Unlike Hollywood, however, there's no guarantee either storyline leads to a happy ending, including when law firms are deciding how to handle a ransomware attack.
The best possible scenario, of course, is to avoid being the subject of a ransomware attack entirely. It’s easier said than done, but not impossible.
Five Steps to Protect Against Ransomware
First, and especially with many U.S. employees still working from home at least part of the time, law firms must ensure all remote or work-from-away employees have access to a virtual private network. It’s strongly recommended that the firm, through its IT staff or IT contractors, take responsibility for setting up the VPNs used by all employees. This will ensure the most secure remote work environment possible and help to avoid potential attacks. Because cybercriminals are aware large numbers of business professionals are working remotely due to COVID-19, formerly unexceptional suburban enclaves are now priority number one for many industrious cybercriminals.
Second, employees should be trained to use their work computers as just that: work computers. Online shopping, personal downloads and social media should be restricted to personal devices only. Companies that enforce a work-product-only policy on law firm devices can significantly reduce the risk of ransomware attacks against the firm.
Third, help employees know what to look for. Ransomware arrives in a variety of forms: stray links, files that need to be downloaded, phishing emails designed to look reputable that require employees to take a specific and timely action, and malicious code hidden in software. Employees should receive guidance from IT professionals on how to identify suspicious attachments and which file extensions should raise a red flag (possibly blocking them entirely), and should be counseled to avoid giving out personal or firm information without proper verification of who is on the other end of that communication, digital or otherwise.
Fourth, use of a password manager is strongly recommended. Platforms like LastPass, RoboForm, Sticky Password and others are good ways for law firms not only to manage access security, but also to help employees better remember, or at least securely access, the networks and online tools they use, in a responsible way.
Fifth, simple steps like disabling Autoplay on work computers and switching off wireless connections when not in use, including Bluetooth, can shut down additional common means for cybercriminals to gain access to law firm computers. Because Windows often defaults to allowing Autoplay for removable media, this feature creates an ideal, low-barrier point of entry for ransomware attacks. The same can be true for wireless connections.
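The Autoplay step above is something a firm's IT staff can both audit and enforce rather than relying on each user to click through the Settings app. The script below is an added example, not part of the original article or any vendor's tooling: it reads the standard registry value that the Windows "Turn off AutoPlay" policy writes, reports whether AutoPlay is still permitted, and then sets the value to disable it for every drive type. It assumes PowerShell 5 or later running in an elevated (administrator) session on a single workstation; the function names are the author's own.

```powershell
# Added example (not from the original article): audit and enforce the
# "Turn off AutoPlay" setting on one Windows workstation.
# Assumes an elevated PowerShell session. The path and value name below are
# the ones the Group Policy setting itself writes; 0xFF is the bitmask that
# covers every drive type (removable, fixed, network, CD-ROM, RAM disk).
$policyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName  = 'NoDriveTypeAutoRun'
$allDrives  = 0xFF

function Get-AutoPlayState {
    # Report the current state so an administrator can audit before changing anything.
    $item = Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return 'not configured (AutoPlay allowed by policy)'
    }
    if ($item.$valueName -eq $allDrives) {
        return 'disabled for all drive types'
    }
    return ('partially restricted (mask 0x{0:X2})' -f $item.$valueName)
}

function Disable-AutoPlay {
    # Create the policy key if it does not exist, then write the DWORD value.
    if (-not (Test-Path $policyPath)) {
        New-Item -Path $policyPath -Force | Out-Null
    }
    New-ItemProperty -Path $policyPath -Name $valueName -Value $allDrives `
        -PropertyType DWord -Force | Out-Null
}

Write-Output ('Before: ' + (Get-AutoPlayState))
Disable-AutoPlay
Write-Output ('After:  ' + (Get-AutoPlayState))
```

Run the audit function on its own first if you only want to check a machine's state. For a whole firm, the same value is better pushed from a domain Group Policy Object (Computer Configuration, Administrative Templates, Windows Components, AutoPlay Policies, "Turn off AutoPlay") so that it is applied consistently and re-applied if a user changes it locally.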
What to Do If You Are Attacked
Even law firms that do almost everything right can fall victim to an opportune cybercriminal who shows up at an inopportune moment.
As soon as anyone in the firm notices unusual activity on a firm system or clicks on something they think better of a moment later, they should immediately remove or disable any network connectivity and shut down the computer. There’s usually a hotline provided with your firm’s cyber liability policy. Call that number immediately. The cyber response team on the other end of that hotline will begin a well-established, organized process that will activate a range of vendors who will begin immediate work to limit the damage and manage the resulting lifecycle of the breach itself.
The next call is to your firm’s IT team or consultant.
Your cyber liability policy can be quite extensive, providing for a crack cyber security team to stop and repair the damage, along with business interruption coverage, public relations and crisis communications support, and potentially even new hardware or software purchases depending on the extent of the breach or ransomware event.
The key, however, is to educate your attorneys and support staff. Also, treat your network security like an annual physical. This means making sure your IT team does a thorough evaluation not only of the network, but how attorneys and staff are operating within that network. Finally, make sure you have a detailed discussion with your insurance agent not only to ensure you understand your cyber liability coverage, but also to ensure coverage is adequate to help your firm get back to business as quickly as possible in the event of an attack.
Failing some or all of the above, you can be assured that in cases where a ransom is demanded for your technology, like in the case of actors Gibson and Ford, much drama will ensue.