Ransomware is fast becoming a ubiquitous security threat with 65% of British businesses experiencing an attack in the past year, according to the Government-backed Cyber Security Breaches Survey 2016. The term ‘ransomware’ refers to a number of versions of malicious software which takes control of a target’s computer and then encrypts all the data that computer has access to, rendering it inaccessible.
This often means an entire network is fully encrypted which in turn means that the affected business cannot continue to trade. The software’s developers then demand a payment, typically in a digital currency such as bitcoin, in exchange for handing over the encryption keys.
Although not new, ransomware has rapidly risen in popularity as a method of attacking businesses and in particular, the legal sector is considered a key target for cyber criminals: holding a mass of valuable client data and funds, it is clear to see why law firms hold such an allure for criminals. As the UK’s only cloud provider dedicated to the legal sector, Converge TS has been championing cybercrime policies and offering practical guidance for law firms on how to mitigate the risks associated with cyber-attack.
The reality is, at some point, your firm will be subject to cyber-attack and the test will be how your firm can successfully recover from this. The most common way a cyber-criminal infiltrates a network is via a seemingly innocuous email: a request from your bank to log-in to your account; a special retail offer; or an attachment purporting to be a parking ticket. The fact that the emails are becoming increasingly sophisticated means that it is incredibly easy to fall victim to this type of attack.
All law firms should be taking steps to mitigate against the risk of cyber-attack: staff training, email security, web content filtering and Disaster Recovery (DR). One of the key services provided by Converge TS is Managed Backup and Disaster Recovery, which acts as the last in the line of defence against ransomware attacks. All firms are encouraged to perform an annual DR test, which acts as a ‘fire drill’ so that should the firm need to enact the bespoke DR plan, staff and IT teams will know what to expect.
Converge TS provide the managed hosted infrastructure for Hall Brown Family Law, which includes a DR solution for the firm. Partners Sam Hall and James Brown have followed Converge TS advice and requested a DR test to be performed so that in the event of a disaster, they would have peace of mind knowing the timescales, performance and availability of the DR environment would allow the firm to continue to function. Hall commented, “Converge were brilliant and enabled our team to be back up and working again within an hour during the ‘fire drill’. We now have a much better appreciation of the importance of having a robust Disaster Recovery solution from a quality provider.” Brown added, “The successful DR test highlighted that the service provided by Converge could prove to be an invaluable part of our business continuity planning, should we experience any form of ‘disaster’.”
When asked about ransomware specifically, both Hall and Brown agreed that “there’s no ‘silver bullet’ to the cyber-crime issue but we can say with certainty that we’re prepared for any eventuality, thanks to a proven disaster recovery solution from Converge.”
In response to the growing cybercrime pandemic, Converge TS Managing Director Nigel Wright said, "Law firms are actively being targeted and solicitors, as well as their clients, are suffering disruption and potential loss of data and profits.” It is important to recognise that the ransomware issue is not going away; rather, the risk to the legal sector and complexity of the malware is increasing at an exponential rate.
The latest ransomware threat is known as ‘Doxware’; this form of malware holds computers hostage and compromises the privacy of conversations, photos and sensitive files with the threat of releasing them on a public platform. “It is essential that firms understand the risks and take precautions to avoid falling victim to these attacks," urges Wright; “all firms should be asking themselves ‘can we recover and how long will it take to be back up and running should we be attacked?’. The likelihood is that most firms will be affected to a greater or lesser degree in the next 12 months; we would advise that all firms review their disaster recovery systems and policies as a matter of urgency.”