Ransomware is poised to become even more disruptive during 2021, with the latest incidents proving that no UK organisation is too large or small to benefit from the best ransomware protection in the market. The Scottish Environment Protection Agency confirmed that its control centre was hit by a ransomware attack on Christmas Eve, 2020, which impacted its internal systems, processes and internal communication. A similar incident took place at UK Research and Innovation during January 2021, which disrupted services and may also have included data theft.
With new ransomware players such as Pay2Key, RansomEXX and Everest now in circulation, UK law firms need to invest in ransomware protection in 2021 for the following reasons:
- To safeguard the reputation of their legal practice
- To ensure compliance
- To keep confidential data protected and safe from cybercriminals
- To avoid financial loss
It’s important that law firms recognise just how dangerous this threat is, in order to invest in the best ransomware protection for their organisation. Follow these steps to keep your law firm and legal employees safe from the risk of ransomware.
Understanding the danger of ransomware
Ransomware is essentially a type of malware that encrypts your files so that you immediately lose access to your data. The primary purpose of ransomware is for cybercriminals to gain financially by charging you a ransom. Typically, they either demand payment to release your data back to you, or threaten to make your data public unless you pay the ransom.
The impact of ransomware is immediate; as soon as the hackers have encrypted your files and blocked user access, they will demand a sum of money, usually in Bitcoin or alternative cryptocurrency. Once you’ve paid, they promise to provide you with a decryption key.
Protecting Your Systems
Preventing a ransomware attack from striking at your law firm should rely on putting multiple cybersecurity steps into place, starting with locking down your network and internal systems. You should:
- Disable Microsoft’s Remote Desktop Protocol (RDP) when not in use and require Multi-Factor Authentication (MFA) and strong, complex passwords of at least 16 characters in length.
- Require MFA for internal admin accounts and external access to sensitive apps such as email and VPNs.
- Disable PowerShell on workstations when not in use, and update to the latest PowerShell version when required. This ensures tighter security controls and improved logging capabilities.
- Switch on automatic patching across browsers and operating systems to stay on top of anti-virus updates.
- Assign administrative roles with care, requiring MFA for admin accounts. IT staff can also use non-privileged accounts for everyday tasks such as responding to emails or drawing up strategy documentation.
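The checklist above can be audited on a Windows workstation with a short read-only script. This is an added example, not code from the original article or from City Business Solutions. It assumes an elevated session and treats PowerShell 5 or later as "latest enough"; MFA enforcement lives in your identity provider or VPN and is not checked here.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the checklist above. It changes no settings.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (setting not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-MinPasswordLength {
    # Export local security policy; key names in the .inf are not localised.
    $cfg = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $hit = Select-String -Path $cfg -Pattern '^MinimumPasswordLength\s*=\s*(\d+)' |
        Select-Object -First 1
    Remove-Item $cfg -ErrorAction SilentlyContinue
    if ($hit) { [int]$hit.Matches[0].Groups[1].Value } else { $null }
}

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$wu  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

$rdpDeny = Get-RegValue $ts 'fDenyTSConnections'   # 1 = RDP connections refused
$minLen  = Get-MinPasswordLength                   # $null if it could not be read
$psVer   = $PSVersionTable.PSVersion
$ps2     = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root `
               -ErrorAction SilentlyContinue       # $null if the feature is absent
$sblOn   = Get-RegValue $sbl 'EnableScriptBlockLogging'
$noAuto  = Get-RegValue $wu 'NoAutoUpdate'         # 1 = automatic updates disabled

$results = @(
    [pscustomobject]@{ Check = 'RDP disabled'; Pass = ($rdpDeny -eq 1)
                       Detail = "fDenyTSConnections=$rdpDeny" }
    [pscustomobject]@{ Check = 'Min password length >= 16'; Pass = ($minLen -ge 16)
                       Detail = "MinimumPasswordLength=$minLen" }
    [pscustomobject]@{ Check = 'PowerShell 5 or later'; Pass = ($psVer.Major -ge 5)
                       Detail = "Version=$psVer" }
    [pscustomobject]@{ Check = 'PowerShell v2 engine off'
                       Pass = ((-not $ps2) -or ($ps2.State -ne 'Enabled'))
                       Detail = "State=$($ps2.State)" }
    [pscustomobject]@{ Check = 'Script block logging on'; Pass = ($sblOn -eq 1)
                       Detail = "EnableScriptBlockLogging=$sblOn" }
    [pscustomobject]@{ Check = 'Automatic updates allowed'; Pass = ($noAuto -ne 1)
                       Detail = "NoAutoUpdate=$noAuto" }
)
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }     # non-zero exit for fleet tooling
```

A failed "RDP disabled" check is expected on machines where RDP is deliberately in use; on those, confirm MFA and the password policy instead.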
Training Your Staff
Besides providing a robust barrier to your internal networks, law firms must be aware of the threat posed by internal employees too.
Even organisations with the best ransomware protection can be hit if a member of staff makes a mistake. Phishing emails are frequently sent to legal employees – the content of these messages seems legitimate but persuades people to click on a link or to send sensitive data to a false email address.
The following steps will mitigate this risk:
- Provide regular staff training to ensure that all members of staff know the current best practices and are aware of how to report any suspicious communications.
- Don’t click on unverified links; this prevents malicious files from being downloaded to your systems.
- Don’t open untrusted email attachments, particularly if you’re asked to enable macros to view them.
- NEVER give out personal data via email, text or during a phone call. This can be used in a phishing or blackmail attempt.
- Implement a secure work-from-home policy to keep employees and work devices protected from any location. This might include a requirement to use VPNs as an extra level of protection.
Invest In Best Ransomware Protection in 2021
The switch to remote working has been a gift for cybercriminals, who are exploiting the vulnerabilities of users’ home networks. When employees are no longer working within the perimeter of a law firm’s security system, this can be an open goal for ransomware criminals, unless the right solutions are in place.
Keep your law firm 100% protected throughout 2021, regardless of where your employees are based, by investing in superior cybersecurity solutions. City Business Solutions are specialists in this field and can provide you with our expert security recommendations following a FREE security consultation. Book yours today on 0203 355 7334.