How can law firms protect data from a ransomware attack?
It is virtually impossible to ensure that your law firm is never hit by a ransomware attack. But there are steps that you can take to minimize the likelihood that such a cyber attack would succeed on your firm’s computer system, and to get your firm up and running as fast as possible after an attack:
- Regularly back up your data on a device that does not back up in real time and disconnect the device from the internet and your computer system once the backup is completed (restoring data from backup is the quickest way to get back up and running after a ransomware attack) ;
- Make sure that you have reputable anti-virus software and firewalls installed on all computers, servers, and mobile devices;
- Make sure that the operating systems of all computers, servers, and mobile devices are up-to-date and have all patches installed;
- Make sure you have content scanning and filtering on all email services;
- Use a trusted Virtual Private Network if you are traveling and will be on public wifi;
- Train your staff to recognize suspicious emails and train them not to open attachments or click on links found in those emails;
- Train your staff not to respond to requests for personal information, log on information requested in unsolicited texts and emails;
- Train staff not to click on pop-ups but to safely close the window instead;
- If hit with ransomware, immediately disconnect the infected computer from the internet and from your server to make sure other machines in your firm aren’t infected;
- Immediately report any ransomware attack to law enforcement; and
- Don’t pay the ransom as the cyber criminal may not give your data back even if you do and it encourages other criminals to carry out similar attacks.