Is your firm safe from a Ransomware attack?
In the past few years, damaging ransomware attacks, including Bad Rabbit, NotPetya and WannaCry, have been mounted on lawyers and law firms. As a lawyer, you might be forced to pay an enormous amount of money to get your documents back. As a result, the pressure on businesses to keep their systems safe is growing fast.
For lawyers and law firms, the problem is not the high sums paid, but the consequences that a firm faces when it is locked out of its systems for a few days, and the loss of important clients. It is worth noting that falling victim to such criminal activity may also land a firm on the wrong side of the law. In 2016, the US recorded a 300-percent rise in ransomware cases, and lawyers in Ontario and other parts of Canada are not safe.
Imagine a case where your law firm is locked out. You will be without phones, email and all other forms of communication. Additionally, if you are locked out for a week or two, your clients will panic, and the law firm will incur huge losses. In most cases, a firm will be at a standstill a few hours after the attack, with all its activities paralyzed.
A ransomware attack takes between a few seconds and a few minutes to hit thousands of computers. Since you cannot stop the attack once it has started, the only option you have is to try to keep your systems safe.
Regulatory and Legal Implications of Ransomware Attacks
If you are unlucky and your firm gets attacked by ransomware, where does that leave you from a legal and regulatory perspective?
According to PIPEDA, you are required to act in the best interest of all your clients, report all breaches in your system and share all the details of the attack. However, this does not work in the best interests of your clients. According to PIPEDA, failing to take reasonable steps to keep your firm safe from a ransomware attack would breach the principles of risk management.
There are always confidentiality implications in ransomware attacks. The law requires that all client affairs be kept confidential unless disclosure is authorized by law or the clients give consent. You are also supposed to have systems in place to prevent attacks. If you have not put systems in place to protect your firm, you are in breach of these regulations.
Should You Pay the Ransom?
The law is not clear on whether you should pay the ransom. If you pay and the money is used by terrorists to attack people, towns or cities, you might have a problem with the law.
Should you pay? This is not a question anyone can answer. Does your firm have the resources to pay the ransom? Are you sure you will get your data back after paying the ransom? Do you have a backup where you can access your data? Are there cyber-security companies that can help you recover data?
Avoiding an Attack
The only way to stay safe from an attack is to keep your data protected and backed up. One solution is not enough, and you need a multifaceted approach.
The first step is to accept that ransomware attacks are real; they hit small, medium and even large law firms. A strike could permanently damage your files and your firm’s reputation, land you in trouble with the law and even lead to the closure of your practice.
You need to back up your data and put in place hardware and software defences. Let a professional test your systems and train your employees on cyber-security.
The cost of ransomware attacks is detrimental; hence, at Abrisuite we have identified advanced cyber café security to protect law firms of various sizes from falling victim to such cyber predators.
Get in touch with us now to get a free information security consultation.