Friday's massive cyber attack exposed the fragility of our IT infrastructure and reminded us to aggressively fortify our digital vaults. The WannaCry ransomware that has taken down computers across the globe is causing perhaps the most prolific cyber attack to date, and it is expected to get worse.
Protecting your personal data is important, but securing the privileged information entrusted by clients is absolutely essential. From solo and small firm practitioners to large legal and business institutions, the need for data protection is a real concern. According to BakerHostetler's second annual Data Security Incident Response Report, phishing/hacking/malware accounted for 43% of all 2016 cybersecurity events at the more than 450 institutions they examined. Ransomware was the biggest development of last year accounting for 23% of all network intrusion incidents at the companies represented in the study, and the attacks show no sign of abating. Last week's WannaCry incursion is just one example of this growing threat.
Fortunately, the BakerHostetler report provides a broad range of lessons for identifying threats and mitigating risks. It advises firms to establish best practices for "compromise readiness."
- Focus on the basics.
- Develop education and awareness programs.
- Implement data inventory and risk assessment procedures.
- Share threat warnings with those in your firm.
Suggested further reading:
- Law Firm Cybersecurity (2017) -- ABA Book Publishing / Solo, Small Firm and General Practice Division
- Will Ransomware Attack Make Law Firms ‘WannaCry’? (May 15, 2017) -- The American Lawyer
- Law Firms Must Manage Cybersecurity Risks (May 2, 2017) -- ABA Journal
- Preparing for Ransomware Attacks: Your Company is a Target (April 3, 2017) -- Nine steps to getting prepared
- The Ransomware Epidemic in Law Firms (February 10, 2017) -- Legal Technology Today podcast
- Protecting Yourself from Ransomware and Cyber-attacks (Sep/Oct 2016) -- ABA GPSOLO